From 3c81d417f56986225ef5e7198d29f5373fdc7e9e Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Wed, 17 Jul 2024 21:53:05 +1000 Subject: [PATCH 01/51] App segment management --- ...traBetaPrivateAccessApplicationSegment.ps1 | 34 ++++++ ...traBetaPrivateAccessApplicationSegment.ps1 | 82 +++++++++++++ ...traBetaPrivateAccessApplicationSegment.ps1 | 23 ++++ ...ntraBetaPrivateAccessApplicationSegment.md | 109 ++++++++++++++++++ 4 files changed, 248 insertions(+) create mode 100644 module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 create mode 100644 module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplicationSegment.ps1 create mode 100644 module/EntraBeta/AdditionalFunctions/Remove-EntraBetaPrivateAccessApplicationSegment.ps1 create mode 100644 module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 new file mode 100644 index 000000000..7ee975e66 --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 @@ -0,0 +1,34 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function Get-EntraBetaPrivateAccessApplicationSegment { + + [CmdletBinding(DefaultParameterSetName = 'AllApplicationSegments')] + param ( + + [Alias('id')] + [Parameter(Mandatory = $True, Position = 1, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] + [string] + $ObjectId, + + [Parameter(Mandatory = $False, Position = 2, ParameterSetName = 'SingleApplicationSegment')] + [string] + $ApplicationSegmentId + ) + + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + + switch ($PSCmdlet.ParameterSetName) { + "AllApplicationSegments" { + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ObjectId/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments" + $response.value + break + } + "SingleApplicationSegment" { + Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ObjectId/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments/$ApplicationSegmentId" + break + } + } + } +} diff --git a/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplicationSegment.ps1 b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplicationSegment.ps1 new file mode 100644 index 000000000..6a653565b --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplicationSegment.ps1 @@ -0,0 +1,82 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function New-EntraBetaPrivateAccessApplicationSegment { + + [CmdletBinding()] + param ( + + [Alias('id')] + [Parameter(Mandatory = $True, Position = 1, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] + [string] + $ObjectID, + + [Parameter(Mandatory = $True)] + [string] + $DestinationHost, + + [Parameter(Mandatory = $False)] + [string[]] + $Ports, + + [Parameter(Mandatory = $False)] + [ValidateSet("TCP", "UDP")] + [string[]] + $Protocol, + + [Parameter(Mandatory = $True)] + [ValidateSet("ipAddress", "dnsSuffix", "ipRangeCidr","ipRange","FQDN")] + [string] + $DestinationType + ) + + PROCESS { + + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + $portRanges = @() + + foreach ($port in $Ports){ + if (!$port.Contains("-")) { + $portRanges += $port + "-" + $port + } + else { + $portRanges += $port + } + } + + if ($DestinationType -eq "dnsSuffix") + { + $body = @{ + destinationHost = $DestinationHost.ToLower() + destinationType = 'dnsSuffix' + } + } + else + { + switch ($DestinationType) { + "ipAddress" { $dstType = 'ip' } + "ipRange" { $dstType = 'ipRange' } + "fqdn" { $dstType = 'fqdn' } + "ipRangeCidr" { $dstType = 'ipRangeCidr' } + } + $body = @{ + destinationHost = $DestinationHost.ToLower() + protocol = $Protocol.ToLower() -join "," + ports = $portRanges + destinationType = $dstType + } + } + + $bodyJson = $body | ConvertTo-Json -Depth 99 -Compress + + $params = @{ + Method = 'POST' + Uri = "https://graph.microsoft.com/beta/applications/$ObjectID/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments/" + Headers = $customHeaders + Body = $bodyJson + OutputType = 'PSObject' + } + + Invoke-GraphRequest @params +} +} diff --git a/module/EntraBeta/AdditionalFunctions/Remove-EntraBetaPrivateAccessApplicationSegment.ps1 b/module/EntraBeta/AdditionalFunctions/Remove-EntraBetaPrivateAccessApplicationSegment.ps1 new file mode 100644 index 000000000..337756f42 --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/Remove-EntraBetaPrivateAccessApplicationSegment.ps1 @@ -0,0 +1,23 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function Remove-EntraBetaPrivateAccessApplicationSegment { + + [CmdletBinding()] + param ( + [Parameter(Mandatory = $True, Position = 1)] + [string] + $ObjectID, + + [Parameter(Mandatory = $False, Position = 2)] + [string] + $ApplicationSegmentId + ) + + PROCESS { + + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + + Invoke-GraphRequest -Method DELETE -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ObjectID/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments/$ApplicationSegmentId" + } +} diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md new file mode 100644 index 000000000..cfcf96e44 --- /dev/null +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -0,0 +1,109 @@ +--- +title: Get-EntraBetaPrivateAccessApplicationSegment +description: This article provides details on the Get-EntraBetaPrivateAccessApplicationSegment command. + +ms.topic: reference +ms.date: 06/26/2024 +ms.author: andres-canello +ms.reviewer: stevemutungi +manager: CelesteDG +author: andres-canello +external help file: Microsoft.Graph.Entra.Beta-Help.xml +Module Name: Microsoft.Graph.Entra.Beta +online version: +schema: 2.0.0 +--- + +# Get-EntraBetaPrivateAccessApplicationSegment + +## Synopsis +The Get-EntraBetaPrivateAccessApplicationSegment cmdlet a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. + +## Description +The Get-EntraBetaPrivateAccessApplicationSegment cmdlet a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. + +## Examples + +### Example 1: Retrieve all application segments associated to an application +```powershell +PS C:\> Get-EntraBetaPrivateAccessApplicationSegment -Objectid b97db9dd-85c7-4365-ac05-bd824728ab83 +``` +```output +destinationHost : 10.1.1.20 +destinationType : ip +port : 0 +ports : {22-22} +protocol : tcp +id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 + +destinationHost : 10.20.20.20 +destinationType : ip +port : 0 +ports : {8080-8080} +protocol : tcp +id : 47da55f4-26b1-47ab-a34c-20a86a5e22a7 +``` + +This command retrieves all application segments for an application. + +### Example 2: Retrieve a specific application segment associated to an application +```powershell +PS C:\> Get-EntraBetaPrivateAccessApplicationSegment b97db9dd-85c7-4365-ac05-bd824728ab83 -ApplicationSegmentId 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +``` +```output +destinationHost : 10.1.1.20 +destinationType : ip +port : 0 +ports : {22-22} +protocol : tcp +id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +``` + +This example demonstrates how to retrieve information for a specific application segment. + +## Parameters + +### -Objectid +The object id of a Private Access application object. + +```yaml +Type: String +Parameter Sets: AllApplicationSegments, SingleApplicationSegment +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ApplicationSegmentId +Specifies a specific application segment to retrieve. + +```yaml +Type: String +Parameter Sets: SingleApplicationSegment +Aliases: + +Required: False +Position: 2, Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## Inputs + +### System.String +System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] + +## Outputs + +### System.Object +## Notes + +## RELATED LINKS \ No newline at end of file From ea75e4f345b068dcd0d8f2d90d07a7c3383b3b2c Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Thu, 18 Jul 2024 10:56:00 +1000 Subject: [PATCH 02/51] Update Get-EntraBetaPrivateAccessApplicationSegment.md --- .../Get-EntraBetaPrivateAccessApplicationSegment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index cfcf96e44..e485ce887 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -4,7 +4,7 @@ description: This article provides details on the Get-EntraBetaPrivateAccessAppl ms.topic: reference ms.date: 06/26/2024 -ms.author: andres-canello +ms.author: andresc ms.reviewer: stevemutungi manager: CelesteDG author: andres-canello From 6845a906dde5cc74bf327fe6e616a0bface08e29 Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Thu, 18 Jul 2024 11:55:16 +1000 Subject: [PATCH 03/51] More docs --- ...ntraBetaPrivateAccessApplicationSegment.md | 8 +- ...ntraBetaPrivateAccessApplicationSegment.md | 174 ++++++++++++++++++ ...ntraBetaPrivateAccessApplicationSegment.md | 77 ++++++++ 3 files changed, 255 insertions(+), 4 deletions(-) create mode 100644 module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md create mode 100644 module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index e485ce887..1fb85137b 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -17,16 +17,16 @@ schema: 2.0.0 # Get-EntraBetaPrivateAccessApplicationSegment ## Synopsis -The Get-EntraBetaPrivateAccessApplicationSegment cmdlet a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. +The Get-EntraBetaPrivateAccessApplicationSegment cmdlet retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. ## Description -The Get-EntraBetaPrivateAccessApplicationSegment cmdlet a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. +The Get-EntraBetaPrivateAccessApplicationSegment cmdlet retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. ## Examples ### Example 1: Retrieve all application segments associated to an application ```powershell -PS C:\> Get-EntraBetaPrivateAccessApplicationSegment -Objectid b97db9dd-85c7-4365-ac05-bd824728ab83 +PS C:\> Get-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 ``` ```output destinationHost : 10.1.1.20 @@ -63,7 +63,7 @@ This example demonstrates how to retrieve information for a specific application ## Parameters -### -Objectid +### -ObjectId The object id of a Private Access application object. ```yaml diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md new file mode 100644 index 000000000..94a0b6d9d --- /dev/null +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md @@ -0,0 +1,174 @@ +--- +title: New-EntraBetaPrivateAccessApplicationSegment +description: This article provides details on the New-EntraBetaPrivateAccessApplicationSegment command. + +ms.topic: reference +ms.date: 07/18/2024 +ms.author: andresc +ms.reviewer: stevemutungi +manager: CelesteDG +author: andres-canello +external help file: Microsoft.Graph.Entra.Beta-Help.xml +Module Name: Microsoft.Graph.Entra.Beta +online version: +schema: 2.0.0 +--- + +# New-EntraBetaPrivateAccessApplicationSegment + +## Synopsis +The New-EntraBetaPrivateAccessApplicationSegment cmdlet creates an application segments associated to a Private Access application. + +## Description +The New-EntraBetaPrivateAccessApplicationSegment cmdlet creates an application segments associated to a Private Access application. + +## Examples + +### Example 1: Create a simple application segment +```powershell +PS C:\> New-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -DestinationHost ssh.contoso.local -Ports 22 -Protocol TCP -DestinationType FQDN +``` +```output +destinationHost : ssh.contoso.local +destinationType : FQDN +port : 0 +ports : {22-22} +protocol : tcp +id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +``` + +### Example 2: Create an application segment using ranges of IPs and multiple ports +```powershell +PS C:\> New-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -DestinationHost 192.168.1.100..192.168.1.110 -Ports 22,3389 -Protocol TCP,UDP -DestinationType ipRange +``` +```output +destinationHost : 192.168.1.100..192.168.1.110 +destinationType : ipRange +port : 0 +ports : {22-22, 3389-3389} +protocol : tcp,udp +id : 36b4dd89-3a6f-44b8-9e5b-d5be08688977 +``` + +### Example 3: Create application segments using an input file + +AppSegments.csv + +AppOId,DestHost,ports,protocol,type\ +58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.97.0/24,"1-21,23-442,444-65535","TCP,udp",ipRangeCidr\ +58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.96.0/24,"1-21,23-442,444-65535","udp",ipRangeCidr\ +58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.95.0/24,"1-21","udp",ipRangeCidr + +CreateAppSegments.ps1 +```powershell +$csvFile = "C:\temp\AppSegments.csv" + +# Assuming the CSV file has columns named 'AppOId', 'DestHost', 'ports', 'protocol', 'type' +$variables = Import-Csv $csvFile + +# Loop through each row of the CSV and execute the command for each set of variables +foreach ($variable in $variables) { + $AppOId = $variable.AppOId + $DestHost = $variable.DestHost + $ports = $variable.ports -split "," + $protocol = $variable.protocol -split "," + $type = $variable.type + + # Execute the command + New-EntraBetaPrivateAccessApplicationSegment -ObjectId $AppOId -DestinationHost $DestHost -Ports $ports -Protocol $protocol -DestinationType $type +} +``` + + +## Parameters + +### -ObjectId +The object id of a Private Access application object. + +```yaml +Type: String +Parameter Sets: +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DestinationHost +Destination host for the application segment. It can be an IP address, a range of IPs (10.10.10.1..10.10.10.200), a CIDR range (10.1.1.0/24) or an FQDN (ssh.contoso.local). Additionally, DNS suffixes for Quick Access can be created with dnsSuffix. + +```yaml +Type: String +Parameter Sets: +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Ports +Ports for the application segment. It can be a single port, a range (1..100) or a list (22,3389). + +```yaml +Type: System.Collections.Generic.List`1[System.String] +Parameter Sets: +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Protocol +Protocol for the application segment. It can be a single protocol (TCP) or a list (TCP,UDP). + +```yaml +Type: System.Collections.Generic.List`1[System.String] +Parameter Sets: +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DestinationType +Destination type for the application segment. It can be "ipAddress", "dnsSuffix", "ipRangeCidr", "ipRange", or "FQDN". + +```yaml +Type: String +Parameter Sets: +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## Inputs + +### System.String +System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] + +## Outputs + +### System.Object +## Notes + +## RELATED LINKS \ No newline at end of file diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md new file mode 100644 index 000000000..9ad150917 --- /dev/null +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md @@ -0,0 +1,77 @@ +--- +title: Remove-EntraBetaPrivateAccessApplicationSegment +description: This article provides details on the Remove-EntraBetaPrivateAccessApplicationSegment command. + +ms.topic: reference +ms.date: 07/18/2024 +ms.author: andresc +ms.reviewer: stevemutungi +manager: CelesteDG +author: andres-canello +external help file: Microsoft.Graph.Entra.Beta-Help.xml +Module Name: Microsoft.Graph.Entra.Beta +online version: +schema: 2.0.0 +--- + +# Remove-EntraBetaPrivateAccessApplicationSegment + +## Synopsis +The Remove-EntraBetaPrivateAccessApplicationSegment cmdlet deletes an application segments associated to a Private Access application. + +## Description +The Remove-EntraBetaPrivateAccessApplicationSegment cmdlet deletes an application segments associated to a Private Access application. + +## Examples + +### Example 1: Delete an application segment +```powershell +PS C:\> Remove-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -ApplicationSegmentId 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +``` + +## Parameters + +### -ObjectId +The object id of a Private Access application object. + +```yaml +Type: String +Parameter Sets: +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ApplicationSegmentId +The application segment id of the application segment to be deleted. + +```yaml +Type: String +Parameter Sets: +Aliases: + +Required: True +Position: 2, Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## Inputs + +### System.String +System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] + +## Outputs + +### System.Object +## Notes + +## RELATED LINKS \ No newline at end of file From d7b5be0d4fe27808021b4a39194b881cbcdbc4c2 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Wed, 24 Jul 2024 01:09:52 +0300 Subject: [PATCH 04/51] Docs update - formatting --- ...ntraBetaPrivateAccessApplicationSegment.md | 44 ++++++--- ...ntraBetaPrivateAccessApplicationSegment.md | 95 ++++++++++++------- ...ntraBetaPrivateAccessApplicationSegment.md | 10 +- 3 files changed, 101 insertions(+), 48 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index 1fb85137b..9f678b731 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -17,46 +17,57 @@ schema: 2.0.0 # Get-EntraBetaPrivateAccessApplicationSegment ## Synopsis -The Get-EntraBetaPrivateAccessApplicationSegment cmdlet retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. + +Retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. ## Description -The Get-EntraBetaPrivateAccessApplicationSegment cmdlet retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. + +The `Get-EntraBetaPrivateAccessApplicationSegment` cmdlet retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. ## Examples ### Example 1: Retrieve all application segments associated to an application + ```powershell -PS C:\> Get-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 +Get-EntraBetaPrivateAccessApplicationSegment -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' ``` -```output + +```Output destinationHost : 10.1.1.20 destinationType : ip port : 0 ports : {22-22} protocol : tcp -id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +id : cccc2222-dd33-4444-55ee-666666ffffff destinationHost : 10.20.20.20 destinationType : ip port : 0 ports : {8080-8080} protocol : tcp -id : 47da55f4-26b1-47ab-a34c-20a86a5e22a7 +id : cccc2222-dd33-4444-55ee-666666ffffff ``` This command retrieves all application segments for an application. ### Example 2: Retrieve a specific application segment associated to an application + ```powershell -PS C:\> Get-EntraBetaPrivateAccessApplicationSegment b97db9dd-85c7-4365-ac05-bd824728ab83 -ApplicationSegmentId 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +$params = @{ + ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' + ApplicationSegmentId = 'cccc2222-dd33-4444-55ee-666666ffffff' +} + +Get-EntraBetaPrivateAccessApplicationSegment @params ``` -```output + +```Output destinationHost : 10.1.1.20 destinationType : ip port : 0 ports : {22-22} protocol : tcp -id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +id : cccc2222-dd33-4444-55ee-666666ffffff ``` This example demonstrates how to retrieve information for a specific application segment. @@ -64,10 +75,11 @@ This example demonstrates how to retrieve information for a specific application ## Parameters ### -ObjectId -The object id of a Private Access application object. + +The Object ID of a Private Access application object. ```yaml -Type: String +Type: System.String Parameter Sets: AllApplicationSegments, SingleApplicationSegment Aliases: id @@ -79,10 +91,11 @@ Accept wildcard characters: False ``` ### -ApplicationSegmentId + Specifies a specific application segment to retrieve. ```yaml -Type: String +Type: System.String Parameter Sets: SingleApplicationSegment Aliases: @@ -94,16 +107,19 @@ Accept wildcard characters: False ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## Inputs ### System.String + System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] ## Outputs ### System.Object + ## Notes -## RELATED LINKS \ No newline at end of file +## RELATED LINKS diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md index 94a0b6d9d..98395f670 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md @@ -4,7 +4,7 @@ description: This article provides details on the New-EntraBetaPrivateAccessAppl ms.topic: reference ms.date: 07/18/2024 -ms.author: andresc +ms.author: eunicewaweru ms.reviewer: stevemutungi manager: CelesteDG author: andres-canello @@ -17,77 +17,100 @@ schema: 2.0.0 # New-EntraBetaPrivateAccessApplicationSegment ## Synopsis -The New-EntraBetaPrivateAccessApplicationSegment cmdlet creates an application segments associated to a Private Access application. + +Creates an application segments associated to a Private Access application. ## Description -The New-EntraBetaPrivateAccessApplicationSegment cmdlet creates an application segments associated to a Private Access application. + +The `New-EntraBetaPrivateAccessApplicationSegment` cmdlet creates an application segments associated to a Private Access application. ## Examples ### Example 1: Create a simple application segment + ```powershell -PS C:\> New-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -DestinationHost ssh.contoso.local -Ports 22 -Protocol TCP -DestinationType FQDN +New-EntraBetaPrivateAccessApplicationSegment -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' -DestinationHost 'ssh.contoso.local' -Ports 22 -Protocol TCP -DestinationType FQDN ``` -```output + +```Output destinationHost : ssh.contoso.local destinationType : FQDN port : 0 ports : {22-22} protocol : tcp -id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +id : cccc2222-dd33-4444-55ee-666666ffffff ``` ### Example 2: Create an application segment using ranges of IPs and multiple ports + ```powershell -PS C:\> New-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -DestinationHost 192.168.1.100..192.168.1.110 -Ports 22,3389 -Protocol TCP,UDP -DestinationType ipRange +$params = @{ + ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' + DestinationHost = '192.168.1.100..192.168.1.110' + Ports = '22,3389' + Protocol = 'TCP,UDP' + DestinationType = 'ipRange' +} + +New-EntraBetaPrivateAccessApplicationSegment @params ``` -```output + +```Output destinationHost : 192.168.1.100..192.168.1.110 destinationType : ipRange port : 0 ports : {22-22, 3389-3389} protocol : tcp,udp -id : 36b4dd89-3a6f-44b8-9e5b-d5be08688977 +id : cccc2222-dd33-4444-55ee-666666ffffff ``` ### Example 3: Create application segments using an input file AppSegments.csv -AppOId,DestHost,ports,protocol,type\ -58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.97.0/24,"1-21,23-442,444-65535","TCP,udp",ipRangeCidr\ -58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.96.0/24,"1-21,23-442,444-65535","udp",ipRangeCidr\ -58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.95.0/24,"1-21","udp",ipRangeCidr +AppObjectId,DestHost,ports,protocol,type\ +00001111-aaaa-2222-bbbb-3333cccc4444,10.106.97.0/24,"1-21,23-442,444-65535","TCP,udp",ipRangeCidr\ +00001111-aaaa-2222-bbbb-3333cccc4444,10.106.96.0/24,"1-21,23-442,444-65535","udp",ipRangeCidr\ +00001111-aaaa-2222-bbbb-3333cccc4444,10.106.95.0/24,"1-21","udp",ipRangeCidr CreateAppSegments.ps1 + ```powershell -$csvFile = "C:\temp\AppSegments.csv" - -# Assuming the CSV file has columns named 'AppOId', 'DestHost', 'ports', 'protocol', 'type' +$csvFile = "C:\temp\AppSegments.csv" + +# Assuming the CSV file has columns named 'AppObjectId', 'DestHost', 'ports', 'protocol', 'type' $variables = Import-Csv $csvFile - + # Loop through each row of the CSV and execute the command for each set of variables foreach ($variable in $variables) { - $AppOId = $variable.AppOId + $AppObjectId = $variable.AppObjectId $DestHost = $variable.DestHost $ports = $variable.ports -split "," $protocol = $variable.protocol -split "," $type = $variable.type - + # Execute the command - New-EntraBetaPrivateAccessApplicationSegment -ObjectId $AppOId -DestinationHost $DestHost -Ports $ports -Protocol $protocol -DestinationType $type + $params = @{ + ObjectId = $AppObjectId + DestinationHost = $DestHost + Ports = $ports + Protocol = $protocol + DestinationType = $type + } + + New-EntraBetaPrivateAccessApplicationSegment @params } ``` - ## Parameters ### -ObjectId -The object id of a Private Access application object. + +The object ID of a Private Access application object. ```yaml -Type: String -Parameter Sets: +Type: System.String +Parameter Sets: Aliases: id Required: True @@ -98,11 +121,12 @@ Accept wildcard characters: False ``` ### -DestinationHost + Destination host for the application segment. It can be an IP address, a range of IPs (10.10.10.1..10.10.10.200), a CIDR range (10.1.1.0/24) or an FQDN (ssh.contoso.local). Additionally, DNS suffixes for Quick Access can be created with dnsSuffix. ```yaml -Type: String -Parameter Sets: +Type: System.String +Parameter Sets: Aliases: Required: True @@ -113,11 +137,12 @@ Accept wildcard characters: False ``` ### -Ports + Ports for the application segment. It can be a single port, a range (1..100) or a list (22,3389). ```yaml Type: System.Collections.Generic.List`1[System.String] -Parameter Sets: +Parameter Sets: Aliases: Required: False @@ -128,11 +153,12 @@ Accept wildcard characters: False ``` ### -Protocol + Protocol for the application segment. It can be a single protocol (TCP) or a list (TCP,UDP). ```yaml Type: System.Collections.Generic.List`1[System.String] -Parameter Sets: +Parameter Sets: Aliases: Required: False @@ -143,11 +169,12 @@ Accept wildcard characters: False ``` ### -DestinationType + Destination type for the application segment. It can be "ipAddress", "dnsSuffix", "ipRangeCidr", "ipRange", or "FQDN". ```yaml -Type: String -Parameter Sets: +Type: System.String +Parameter Sets: Aliases: Required: True @@ -157,18 +184,20 @@ Accept pipeline input: False Accept wildcard characters: False ``` - ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## Inputs ### System.String + System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] ## Outputs ### System.Object + ## Notes -## RELATED LINKS \ No newline at end of file +## RELATED LINKS diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md index 9ad150917..d3a1274ff 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md @@ -17,21 +17,25 @@ schema: 2.0.0 # Remove-EntraBetaPrivateAccessApplicationSegment ## Synopsis + The Remove-EntraBetaPrivateAccessApplicationSegment cmdlet deletes an application segments associated to a Private Access application. ## Description + The Remove-EntraBetaPrivateAccessApplicationSegment cmdlet deletes an application segments associated to a Private Access application. ## Examples ### Example 1: Delete an application segment + ```powershell -PS C:\> Remove-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -ApplicationSegmentId 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +Remove-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -ApplicationSegmentId 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 ``` ## Parameters ### -ObjectId + The object id of a Private Access application object. ```yaml @@ -47,6 +51,7 @@ Accept wildcard characters: False ``` ### -ApplicationSegmentId + The application segment id of the application segment to be deleted. ```yaml @@ -62,16 +67,19 @@ Accept wildcard characters: False ``` ### CommonParameters + This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## Inputs ### System.String + System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] ## Outputs ### System.Object + ## Notes ## RELATED LINKS \ No newline at end of file From 1e5054ce71b781a5b0b3173a77e6c220fa48bd8e Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Thu, 25 Jul 2024 21:34:50 +1000 Subject: [PATCH 05/51] Update New-EntraBetaPrivateAccessApplicationSegment.md --- .../New-EntraBetaPrivateAccessApplicationSegment.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md index 98395f670..7263a97a4 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md @@ -18,11 +18,11 @@ schema: 2.0.0 ## Synopsis -Creates an application segments associated to a Private Access application. +Creates an application segment associated to a Private Access application. ## Description -The `New-EntraBetaPrivateAccessApplicationSegment` cmdlet creates an application segments associated to a Private Access application. +The `New-EntraBetaPrivateAccessApplicationSegment` cmdlet creates an application segment associated to a Private Access application. ## Examples @@ -64,7 +64,7 @@ protocol : tcp,udp id : cccc2222-dd33-4444-55ee-666666ffffff ``` -### Example 3: Create application segments using an input file +### Example 3: Create application segment using an input file AppSegments.csv From 4cb0ac4ecf382e5756873e5ffcd77fbf2d10c59a Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Wed, 17 Jul 2024 21:53:05 +1000 Subject: [PATCH 06/51] App segment management --- ...traBetaPrivateAccessApplicationSegment.ps1 | 34 ++++++ ...traBetaPrivateAccessApplicationSegment.ps1 | 82 +++++++++++++ ...traBetaPrivateAccessApplicationSegment.ps1 | 23 ++++ ...ntraBetaPrivateAccessApplicationSegment.md | 109 ++++++++++++++++++ 4 files changed, 248 insertions(+) create mode 100644 module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 create mode 100644 module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplicationSegment.ps1 create mode 100644 module/EntraBeta/AdditionalFunctions/Remove-EntraBetaPrivateAccessApplicationSegment.ps1 create mode 100644 module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 new file mode 100644 index 000000000..7ee975e66 --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 @@ -0,0 +1,34 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function Get-EntraBetaPrivateAccessApplicationSegment { + + [CmdletBinding(DefaultParameterSetName = 'AllApplicationSegments')] + param ( + + [Alias('id')] + [Parameter(Mandatory = $True, Position = 1, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] + [string] + $ObjectId, + + [Parameter(Mandatory = $False, Position = 2, ParameterSetName = 'SingleApplicationSegment')] + [string] + $ApplicationSegmentId + ) + + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + + switch ($PSCmdlet.ParameterSetName) { + "AllApplicationSegments" { + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ObjectId/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments" + $response.value + break + } + "SingleApplicationSegment" { + Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ObjectId/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments/$ApplicationSegmentId" + break + } + } + } +} diff --git a/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplicationSegment.ps1 b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplicationSegment.ps1 new file mode 100644 index 000000000..6a653565b --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplicationSegment.ps1 @@ -0,0 +1,82 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function New-EntraBetaPrivateAccessApplicationSegment { + + [CmdletBinding()] + param ( + + [Alias('id')] + [Parameter(Mandatory = $True, Position = 1, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] + [string] + $ObjectID, + + [Parameter(Mandatory = $True)] + [string] + $DestinationHost, + + [Parameter(Mandatory = $False)] + [string[]] + $Ports, + + [Parameter(Mandatory = $False)] + [ValidateSet("TCP", "UDP")] + [string[]] + $Protocol, + + [Parameter(Mandatory = $True)] + [ValidateSet("ipAddress", "dnsSuffix", "ipRangeCidr","ipRange","FQDN")] + [string] + $DestinationType + ) + + PROCESS { + + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + $portRanges = @() + + foreach ($port in $Ports){ + if (!$port.Contains("-")) { + $portRanges += $port + "-" + $port + } + else { + $portRanges += $port + } + } + + if ($DestinationType -eq "dnsSuffix") + { + $body = @{ + destinationHost = $DestinationHost.ToLower() + destinationType = 'dnsSuffix' + } + } + else + { + switch ($DestinationType) { + "ipAddress" { $dstType = 'ip' } + "ipRange" { $dstType = 'ipRange' } + "fqdn" { $dstType = 'fqdn' } + "ipRangeCidr" { $dstType = 'ipRangeCidr' } + } + $body = @{ + destinationHost = $DestinationHost.ToLower() + protocol = $Protocol.ToLower() -join "," + ports = $portRanges + destinationType = $dstType + } + } + + $bodyJson = $body | ConvertTo-Json -Depth 99 -Compress + + $params = @{ + Method = 'POST' + Uri = "https://graph.microsoft.com/beta/applications/$ObjectID/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments/" + Headers = $customHeaders + Body = $bodyJson + OutputType = 'PSObject' + } + + Invoke-GraphRequest @params +} +} diff --git a/module/EntraBeta/AdditionalFunctions/Remove-EntraBetaPrivateAccessApplicationSegment.ps1 b/module/EntraBeta/AdditionalFunctions/Remove-EntraBetaPrivateAccessApplicationSegment.ps1 new file mode 100644 index 000000000..337756f42 --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/Remove-EntraBetaPrivateAccessApplicationSegment.ps1 @@ -0,0 +1,23 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function Remove-EntraBetaPrivateAccessApplicationSegment { + + [CmdletBinding()] + param ( + [Parameter(Mandatory = $True, Position = 1)] + [string] + $ObjectID, + + [Parameter(Mandatory = $False, Position = 2)] + [string] + $ApplicationSegmentId + ) + + PROCESS { + + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + + Invoke-GraphRequest -Method DELETE -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ObjectID/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments/$ApplicationSegmentId" + } +} diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md new file mode 100644 index 000000000..cfcf96e44 --- /dev/null +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -0,0 +1,109 @@ +--- +title: Get-EntraBetaPrivateAccessApplicationSegment +description: This article provides details on the Get-EntraBetaPrivateAccessApplicationSegment command. + +ms.topic: reference +ms.date: 06/26/2024 +ms.author: andres-canello +ms.reviewer: stevemutungi +manager: CelesteDG +author: andres-canello +external help file: Microsoft.Graph.Entra.Beta-Help.xml +Module Name: Microsoft.Graph.Entra.Beta +online version: +schema: 2.0.0 +--- + +# Get-EntraBetaPrivateAccessApplicationSegment + +## Synopsis +The Get-EntraBetaPrivateAccessApplicationSegment cmdlet a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. + +## Description +The Get-EntraBetaPrivateAccessApplicationSegment cmdlet a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. + +## Examples + +### Example 1: Retrieve all application segments associated to an application +```powershell +PS C:\> Get-EntraBetaPrivateAccessApplicationSegment -Objectid b97db9dd-85c7-4365-ac05-bd824728ab83 +``` +```output +destinationHost : 10.1.1.20 +destinationType : ip +port : 0 +ports : {22-22} +protocol : tcp +id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 + +destinationHost : 10.20.20.20 +destinationType : ip +port : 0 +ports : {8080-8080} +protocol : tcp +id : 47da55f4-26b1-47ab-a34c-20a86a5e22a7 +``` + +This command retrieves all application segments for an application. + +### Example 2: Retrieve a specific application segment associated to an application +```powershell +PS C:\> Get-EntraBetaPrivateAccessApplicationSegment b97db9dd-85c7-4365-ac05-bd824728ab83 -ApplicationSegmentId 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +``` +```output +destinationHost : 10.1.1.20 +destinationType : ip +port : 0 +ports : {22-22} +protocol : tcp +id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +``` + +This example demonstrates how to retrieve information for a specific application segment. + +## Parameters + +### -Objectid +The object id of a Private Access application object. + +```yaml +Type: String +Parameter Sets: AllApplicationSegments, SingleApplicationSegment +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ApplicationSegmentId +Specifies a specific application segment to retrieve. + +```yaml +Type: String +Parameter Sets: SingleApplicationSegment +Aliases: + +Required: False +Position: 2, Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## Inputs + +### System.String +System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] + +## Outputs + +### System.Object +## Notes + +## RELATED LINKS \ No newline at end of file From e268cbab07ba1ddda6d962755b27d87615447130 Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Thu, 18 Jul 2024 10:56:00 +1000 Subject: [PATCH 07/51] Update Get-EntraBetaPrivateAccessApplicationSegment.md --- .../Get-EntraBetaPrivateAccessApplicationSegment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index cfcf96e44..e485ce887 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -4,7 +4,7 @@ description: This article provides details on the Get-EntraBetaPrivateAccessAppl ms.topic: reference ms.date: 06/26/2024 -ms.author: andres-canello +ms.author: andresc ms.reviewer: stevemutungi manager: CelesteDG author: andres-canello From f66f23f6aaa10d38942dbb6304b68f2aaccf281b Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Thu, 18 Jul 2024 11:55:16 +1000 Subject: [PATCH 08/51] More docs --- ...ntraBetaPrivateAccessApplicationSegment.md | 8 +- ...ntraBetaPrivateAccessApplicationSegment.md | 174 ++++++++++++++++++ ...ntraBetaPrivateAccessApplicationSegment.md | 77 ++++++++ 3 files changed, 255 insertions(+), 4 deletions(-) create mode 100644 module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md create mode 100644 module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index e485ce887..1fb85137b 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -17,16 +17,16 @@ schema: 2.0.0 # Get-EntraBetaPrivateAccessApplicationSegment ## Synopsis -The Get-EntraBetaPrivateAccessApplicationSegment cmdlet a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. +The Get-EntraBetaPrivateAccessApplicationSegment cmdlet retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. ## Description -The Get-EntraBetaPrivateAccessApplicationSegment cmdlet a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. +The Get-EntraBetaPrivateAccessApplicationSegment cmdlet retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. ## Examples ### Example 1: Retrieve all application segments associated to an application ```powershell -PS C:\> Get-EntraBetaPrivateAccessApplicationSegment -Objectid b97db9dd-85c7-4365-ac05-bd824728ab83 +PS C:\> Get-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 ``` ```output destinationHost : 10.1.1.20 @@ -63,7 +63,7 @@ This example demonstrates how to retrieve information for a specific application ## Parameters -### -Objectid +### -ObjectId The object id of a Private Access application object. ```yaml diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md new file mode 100644 index 000000000..94a0b6d9d --- /dev/null +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md @@ -0,0 +1,174 @@ +--- +title: New-EntraBetaPrivateAccessApplicationSegment +description: This article provides details on the New-EntraBetaPrivateAccessApplicationSegment command. + +ms.topic: reference +ms.date: 07/18/2024 +ms.author: andresc +ms.reviewer: stevemutungi +manager: CelesteDG +author: andres-canello +external help file: Microsoft.Graph.Entra.Beta-Help.xml +Module Name: Microsoft.Graph.Entra.Beta +online version: +schema: 2.0.0 +--- + +# New-EntraBetaPrivateAccessApplicationSegment + +## Synopsis +The New-EntraBetaPrivateAccessApplicationSegment cmdlet creates an application segments associated to a Private Access application. + +## Description +The New-EntraBetaPrivateAccessApplicationSegment cmdlet creates an application segments associated to a Private Access application. + +## Examples + +### Example 1: Create a simple application segment +```powershell +PS C:\> New-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -DestinationHost ssh.contoso.local -Ports 22 -Protocol TCP -DestinationType FQDN +``` +```output +destinationHost : ssh.contoso.local +destinationType : FQDN +port : 0 +ports : {22-22} +protocol : tcp +id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +``` + +### Example 2: Create an application segment using ranges of IPs and multiple ports +```powershell +PS C:\> New-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -DestinationHost 192.168.1.100..192.168.1.110 -Ports 22,3389 -Protocol TCP,UDP -DestinationType ipRange +``` +```output +destinationHost : 192.168.1.100..192.168.1.110 +destinationType : ipRange +port : 0 +ports : {22-22, 3389-3389} +protocol : tcp,udp +id : 36b4dd89-3a6f-44b8-9e5b-d5be08688977 +``` + +### Example 3: Create application segments using an input file + +AppSegments.csv + +AppOId,DestHost,ports,protocol,type\ +58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.97.0/24,"1-21,23-442,444-65535","TCP,udp",ipRangeCidr\ +58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.96.0/24,"1-21,23-442,444-65535","udp",ipRangeCidr\ +58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.95.0/24,"1-21","udp",ipRangeCidr + +CreateAppSegments.ps1 +```powershell +$csvFile = "C:\temp\AppSegments.csv" + +# Assuming the CSV file has columns named 'AppOId', 'DestHost', 'ports', 'protocol', 'type' +$variables = Import-Csv $csvFile + +# Loop through each row of the CSV and execute the command for each set of variables +foreach ($variable in $variables) { + $AppOId = $variable.AppOId + $DestHost = $variable.DestHost + $ports = $variable.ports -split "," + $protocol = $variable.protocol -split "," + $type = $variable.type + + # Execute the command + New-EntraBetaPrivateAccessApplicationSegment -ObjectId $AppOId -DestinationHost $DestHost -Ports $ports -Protocol $protocol -DestinationType $type +} +``` + + +## Parameters + +### -ObjectId +The object id of a Private Access application object. + +```yaml +Type: String +Parameter Sets: +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DestinationHost +Destination host for the application segment. It can be an IP address, a range of IPs (10.10.10.1..10.10.10.200), a CIDR range (10.1.1.0/24) or an FQDN (ssh.contoso.local). Additionally, DNS suffixes for Quick Access can be created with dnsSuffix. + +```yaml +Type: String +Parameter Sets: +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Ports +Ports for the application segment. It can be a single port, a range (1..100) or a list (22,3389). + +```yaml +Type: System.Collections.Generic.List`1[System.String] +Parameter Sets: +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Protocol +Protocol for the application segment. It can be a single protocol (TCP) or a list (TCP,UDP). + +```yaml +Type: System.Collections.Generic.List`1[System.String] +Parameter Sets: +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DestinationType +Destination type for the application segment. It can be "ipAddress", "dnsSuffix", "ipRangeCidr", "ipRange", or "FQDN". + +```yaml +Type: String +Parameter Sets: +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## Inputs + +### System.String +System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] + +## Outputs + +### System.Object +## Notes + +## RELATED LINKS \ No newline at end of file diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md new file mode 100644 index 000000000..9ad150917 --- /dev/null +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md @@ -0,0 +1,77 @@ +--- +title: Remove-EntraBetaPrivateAccessApplicationSegment +description: This article provides details on the Remove-EntraBetaPrivateAccessApplicationSegment command. + +ms.topic: reference +ms.date: 07/18/2024 +ms.author: andresc +ms.reviewer: stevemutungi +manager: CelesteDG +author: andres-canello +external help file: Microsoft.Graph.Entra.Beta-Help.xml +Module Name: Microsoft.Graph.Entra.Beta +online version: +schema: 2.0.0 +--- + +# Remove-EntraBetaPrivateAccessApplicationSegment + +## Synopsis +The Remove-EntraBetaPrivateAccessApplicationSegment cmdlet deletes an application segments associated to a Private Access application. + +## Description +The Remove-EntraBetaPrivateAccessApplicationSegment cmdlet deletes an application segments associated to a Private Access application. + +## Examples + +### Example 1: Delete an application segment +```powershell +PS C:\> Remove-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -ApplicationSegmentId 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +``` + +## Parameters + +### -ObjectId +The object id of a Private Access application object. + +```yaml +Type: String +Parameter Sets: +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ApplicationSegmentId +The application segment id of the application segment to be deleted. + +```yaml +Type: String +Parameter Sets: +Aliases: + +Required: True +Position: 2, Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## Inputs + +### System.String +System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] + +## Outputs + +### System.Object +## Notes + +## RELATED LINKS \ No newline at end of file From 9cdce0043720e9a5d09e801cc41359e41c157d70 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Wed, 24 Jul 2024 01:09:52 +0300 Subject: [PATCH 09/51] Docs update - formatting --- ...ntraBetaPrivateAccessApplicationSegment.md | 44 ++++++--- ...ntraBetaPrivateAccessApplicationSegment.md | 95 ++++++++++++------- ...ntraBetaPrivateAccessApplicationSegment.md | 10 +- 3 files changed, 101 insertions(+), 48 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index 1fb85137b..9f678b731 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -17,46 +17,57 @@ schema: 2.0.0 # Get-EntraBetaPrivateAccessApplicationSegment ## Synopsis -The Get-EntraBetaPrivateAccessApplicationSegment cmdlet retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. + +Retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. ## Description -The Get-EntraBetaPrivateAccessApplicationSegment cmdlet retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. + +The `Get-EntraBetaPrivateAccessApplicationSegment` cmdlet retrieves a list of all application segments associated to a Private Access application, or if specified, details of a specific application segment. ## Examples ### Example 1: Retrieve all application segments associated to an application + ```powershell -PS C:\> Get-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 +Get-EntraBetaPrivateAccessApplicationSegment -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' ``` -```output + +```Output destinationHost : 10.1.1.20 destinationType : ip port : 0 ports : {22-22} protocol : tcp -id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +id : cccc2222-dd33-4444-55ee-666666ffffff destinationHost : 10.20.20.20 destinationType : ip port : 0 ports : {8080-8080} protocol : tcp -id : 47da55f4-26b1-47ab-a34c-20a86a5e22a7 +id : cccc2222-dd33-4444-55ee-666666ffffff ``` This command retrieves all application segments for an application. ### Example 2: Retrieve a specific application segment associated to an application + ```powershell -PS C:\> Get-EntraBetaPrivateAccessApplicationSegment b97db9dd-85c7-4365-ac05-bd824728ab83 -ApplicationSegmentId 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +$params = @{ + ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' + ApplicationSegmentId = 'cccc2222-dd33-4444-55ee-666666ffffff' +} + +Get-EntraBetaPrivateAccessApplicationSegment @params ``` -```output + +```Output destinationHost : 10.1.1.20 destinationType : ip port : 0 ports : {22-22} protocol : tcp -id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +id : cccc2222-dd33-4444-55ee-666666ffffff ``` This example demonstrates how to retrieve information for a specific application segment. @@ -64,10 +75,11 @@ This example demonstrates how to retrieve information for a specific application ## Parameters ### -ObjectId -The object id of a Private Access application object. + +The Object ID of a Private Access application object. ```yaml -Type: String +Type: System.String Parameter Sets: AllApplicationSegments, SingleApplicationSegment Aliases: id @@ -79,10 +91,11 @@ Accept wildcard characters: False ``` ### -ApplicationSegmentId + Specifies a specific application segment to retrieve. ```yaml -Type: String +Type: System.String Parameter Sets: SingleApplicationSegment Aliases: @@ -94,16 +107,19 @@ Accept wildcard characters: False ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## Inputs ### System.String + System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] ## Outputs ### System.Object + ## Notes -## RELATED LINKS \ No newline at end of file +## RELATED LINKS diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md index 94a0b6d9d..98395f670 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md @@ -4,7 +4,7 @@ description: This article provides details on the New-EntraBetaPrivateAccessAppl ms.topic: reference ms.date: 07/18/2024 -ms.author: andresc +ms.author: eunicewaweru ms.reviewer: stevemutungi manager: CelesteDG author: andres-canello @@ -17,77 +17,100 @@ schema: 2.0.0 # New-EntraBetaPrivateAccessApplicationSegment ## Synopsis -The New-EntraBetaPrivateAccessApplicationSegment cmdlet creates an application segments associated to a Private Access application. + +Creates an application segments associated to a Private Access application. ## Description -The New-EntraBetaPrivateAccessApplicationSegment cmdlet creates an application segments associated to a Private Access application. + +The `New-EntraBetaPrivateAccessApplicationSegment` cmdlet creates an application segments associated to a Private Access application. ## Examples ### Example 1: Create a simple application segment + ```powershell -PS C:\> New-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -DestinationHost ssh.contoso.local -Ports 22 -Protocol TCP -DestinationType FQDN +New-EntraBetaPrivateAccessApplicationSegment -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' -DestinationHost 'ssh.contoso.local' -Ports 22 -Protocol TCP -DestinationType FQDN ``` -```output + +```Output destinationHost : ssh.contoso.local destinationType : FQDN port : 0 ports : {22-22} protocol : tcp -id : 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +id : cccc2222-dd33-4444-55ee-666666ffffff ``` ### Example 2: Create an application segment using ranges of IPs and multiple ports + ```powershell -PS C:\> New-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -DestinationHost 192.168.1.100..192.168.1.110 -Ports 22,3389 -Protocol TCP,UDP -DestinationType ipRange +$params = @{ + ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' + DestinationHost = '192.168.1.100..192.168.1.110' + Ports = '22,3389' + Protocol = 'TCP,UDP' + DestinationType = 'ipRange' +} + +New-EntraBetaPrivateAccessApplicationSegment @params ``` -```output + +```Output destinationHost : 192.168.1.100..192.168.1.110 destinationType : ipRange port : 0 ports : {22-22, 3389-3389} protocol : tcp,udp -id : 36b4dd89-3a6f-44b8-9e5b-d5be08688977 +id : cccc2222-dd33-4444-55ee-666666ffffff ``` ### Example 3: Create application segments using an input file AppSegments.csv -AppOId,DestHost,ports,protocol,type\ -58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.97.0/24,"1-21,23-442,444-65535","TCP,udp",ipRangeCidr\ -58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.96.0/24,"1-21,23-442,444-65535","udp",ipRangeCidr\ -58c59e74-5b92-4578-bef5-36b86ac97f0a,10.106.95.0/24,"1-21","udp",ipRangeCidr +AppObjectId,DestHost,ports,protocol,type\ +00001111-aaaa-2222-bbbb-3333cccc4444,10.106.97.0/24,"1-21,23-442,444-65535","TCP,udp",ipRangeCidr\ +00001111-aaaa-2222-bbbb-3333cccc4444,10.106.96.0/24,"1-21,23-442,444-65535","udp",ipRangeCidr\ +00001111-aaaa-2222-bbbb-3333cccc4444,10.106.95.0/24,"1-21","udp",ipRangeCidr CreateAppSegments.ps1 + ```powershell -$csvFile = "C:\temp\AppSegments.csv" - -# Assuming the CSV file has columns named 'AppOId', 'DestHost', 'ports', 'protocol', 'type' +$csvFile = "C:\temp\AppSegments.csv" + +# Assuming the CSV file has columns named 'AppObjectId', 'DestHost', 'ports', 'protocol', 'type' $variables = Import-Csv $csvFile - + # Loop through each row of the CSV and execute the command for each set of variables foreach ($variable in $variables) { - $AppOId = $variable.AppOId + $AppObjectId = $variable.AppObjectId $DestHost = $variable.DestHost $ports = $variable.ports -split "," $protocol = $variable.protocol -split "," $type = $variable.type - + # Execute the command - New-EntraBetaPrivateAccessApplicationSegment -ObjectId $AppOId -DestinationHost $DestHost -Ports $ports -Protocol $protocol -DestinationType $type + $params = @{ + ObjectId = $AppObjectId + DestinationHost = $DestHost + Ports = $ports + Protocol = $protocol + DestinationType = $type + } + + New-EntraBetaPrivateAccessApplicationSegment @params } ``` - ## Parameters ### -ObjectId -The object id of a Private Access application object. + +The object ID of a Private Access application object. ```yaml -Type: String -Parameter Sets: +Type: System.String +Parameter Sets: Aliases: id Required: True @@ -98,11 +121,12 @@ Accept wildcard characters: False ``` ### -DestinationHost + Destination host for the application segment. It can be an IP address, a range of IPs (10.10.10.1..10.10.10.200), a CIDR range (10.1.1.0/24) or an FQDN (ssh.contoso.local). Additionally, DNS suffixes for Quick Access can be created with dnsSuffix. ```yaml -Type: String -Parameter Sets: +Type: System.String +Parameter Sets: Aliases: Required: True @@ -113,11 +137,12 @@ Accept wildcard characters: False ``` ### -Ports + Ports for the application segment. It can be a single port, a range (1..100) or a list (22,3389). ```yaml Type: System.Collections.Generic.List`1[System.String] -Parameter Sets: +Parameter Sets: Aliases: Required: False @@ -128,11 +153,12 @@ Accept wildcard characters: False ``` ### -Protocol + Protocol for the application segment. It can be a single protocol (TCP) or a list (TCP,UDP). ```yaml Type: System.Collections.Generic.List`1[System.String] -Parameter Sets: +Parameter Sets: Aliases: Required: False @@ -143,11 +169,12 @@ Accept wildcard characters: False ``` ### -DestinationType + Destination type for the application segment. It can be "ipAddress", "dnsSuffix", "ipRangeCidr", "ipRange", or "FQDN". ```yaml -Type: String -Parameter Sets: +Type: System.String +Parameter Sets: Aliases: Required: True @@ -157,18 +184,20 @@ Accept pipeline input: False Accept wildcard characters: False ``` - ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## Inputs ### System.String + System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] ## Outputs ### System.Object + ## Notes -## RELATED LINKS \ No newline at end of file +## RELATED LINKS diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md index 9ad150917..d3a1274ff 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md @@ -17,21 +17,25 @@ schema: 2.0.0 # Remove-EntraBetaPrivateAccessApplicationSegment ## Synopsis + The Remove-EntraBetaPrivateAccessApplicationSegment cmdlet deletes an application segments associated to a Private Access application. ## Description + The Remove-EntraBetaPrivateAccessApplicationSegment cmdlet deletes an application segments associated to a Private Access application. ## Examples ### Example 1: Delete an application segment + ```powershell -PS C:\> Remove-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -ApplicationSegmentId 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +Remove-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -ApplicationSegmentId 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 ``` ## Parameters ### -ObjectId + The object id of a Private Access application object. ```yaml @@ -47,6 +51,7 @@ Accept wildcard characters: False ``` ### -ApplicationSegmentId + The application segment id of the application segment to be deleted. ```yaml @@ -62,16 +67,19 @@ Accept wildcard characters: False ``` ### CommonParameters + This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## Inputs ### System.String + System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] ## Outputs ### System.Object + ## Notes ## RELATED LINKS \ No newline at end of file From 7dd0ec65dabe777acc91414eddda07e8ba833099 Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Thu, 25 Jul 2024 21:34:50 +1000 Subject: [PATCH 10/51] Update New-EntraBetaPrivateAccessApplicationSegment.md --- .../New-EntraBetaPrivateAccessApplicationSegment.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md index 98395f670..7263a97a4 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md @@ -18,11 +18,11 @@ schema: 2.0.0 ## Synopsis -Creates an application segments associated to a Private Access application. +Creates an application segment associated to a Private Access application. ## Description -The `New-EntraBetaPrivateAccessApplicationSegment` cmdlet creates an application segments associated to a Private Access application. +The `New-EntraBetaPrivateAccessApplicationSegment` cmdlet creates an application segment associated to a Private Access application. ## Examples @@ -64,7 +64,7 @@ protocol : tcp,udp id : cccc2222-dd33-4444-55ee-666666ffffff ``` -### Example 3: Create application segments using an input file +### Example 3: Create application segment using an input file AppSegments.csv From d0f51fc11e3132df04777d3386e35f80463c325a Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Fri, 26 Jul 2024 13:33:10 +1000 Subject: [PATCH 11/51] Update module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md Co-authored-by: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> --- .../Get-EntraBetaPrivateAccessApplicationSegment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index 9f678b731..7fe737677 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -4,7 +4,7 @@ description: This article provides details on the Get-EntraBetaPrivateAccessAppl ms.topic: reference ms.date: 06/26/2024 -ms.author: andresc +ms.author: eunicewaweru ms.reviewer: stevemutungi manager: CelesteDG author: andres-canello From a935f1c008de1c1f6e6d1ad6e68d996b4279fecd Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Fri, 26 Jul 2024 13:36:31 +1000 Subject: [PATCH 12/51] Apply suggestions from code review Co-authored-by: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> --- ...ntraBetaPrivateAccessApplicationSegment.md | 13 ++++++- ...ntraBetaPrivateAccessApplicationSegment.md | 20 +++++++++- ...ntraBetaPrivateAccessApplicationSegment.md | 37 ++++++++++++++----- 3 files changed, 56 insertions(+), 14 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index 7fe737677..e59de8947 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -29,7 +29,8 @@ The `Get-EntraBetaPrivateAccessApplicationSegment` cmdlet retrieves a list of al ### Example 1: Retrieve all application segments associated to an application ```powershell -Get-EntraBetaPrivateAccessApplicationSegment -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' +$ApplicationObjectId = (Get-EntraBetaApplication -Filter "DisplayName eq ''").ObjectId +Get-EntraBetaPrivateAccessApplicationSegment -ObjectId $ApplicationObjectId ``` ```Output @@ -53,8 +54,11 @@ This command retrieves all application segments for an application. ### Example 2: Retrieve a specific application segment associated to an application ```powershell +```powershell +$ApplicationObjectId = (Get-EntraBetaApplication -Filter "DisplayName eq ''").ObjectId + $params = @{ - ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' + ObjectId = $ApplicationObjectId ApplicationSegmentId = 'cccc2222-dd33-4444-55ee-666666ffffff' } @@ -123,3 +127,8 @@ System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutra ## Notes ## RELATED LINKS + +[Get-EntraBetaApplication](Get-EntraBetaApplication.md) +[Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md) +[New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md) + diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md index 7263a97a4..c8fd17d5c 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md @@ -29,7 +29,17 @@ The `New-EntraBetaPrivateAccessApplicationSegment` cmdlet creates an application ### Example 1: Create a simple application segment ```powershell -New-EntraBetaPrivateAccessApplicationSegment -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' -DestinationHost 'ssh.contoso.local' -Ports 22 -Protocol TCP -DestinationType FQDN +$ApplicationObjectId = (Get-EntraBetaApplication -Filter "DisplayName eq ''").ObjectId + +$params = @{ + ObjectId = $ApplicationObjectId + DestinationHost = 'ssh.contoso.local' + Ports = 22 + Protocol = 'TCP' + DestinationType = 'FQDN' +} + +New-EntraBetaPrivateAccessApplicationSegment @params ``` ```Output @@ -44,8 +54,10 @@ id : cccc2222-dd33-4444-55ee-666666ffffff ### Example 2: Create an application segment using ranges of IPs and multiple ports ```powershell +$ApplicationObjectId = (Get-EntraBetaApplication -Filter "DisplayName eq ''").ObjectId + $params = @{ - ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' + ObjectId = $ApplicationObjectId DestinationHost = '192.168.1.100..192.168.1.110' Ports = '22,3389' Protocol = 'TCP,UDP' @@ -201,3 +213,7 @@ System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutra ## Notes ## RELATED LINKS + +[Get-EntraBetaPrivateAccessApplicationSegment](Get-EntraBetaPrivateAccessApplicationSegment.md) +[Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md) +[Get-EntraBetaApplication](Get-EntraBetaApplication.md) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md index d3a1274ff..0bd56030b 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md @@ -4,7 +4,7 @@ description: This article provides details on the Remove-EntraBetaPrivateAccessA ms.topic: reference ms.date: 07/18/2024 -ms.author: andresc +ms.author: eunicewaweru ms.reviewer: stevemutungi manager: CelesteDG author: andres-canello @@ -18,28 +18,41 @@ schema: 2.0.0 ## Synopsis -The Remove-EntraBetaPrivateAccessApplicationSegment cmdlet deletes an application segments associated to a Private Access application. +Removes an application segment associated to a Private Access application. ## Description -The Remove-EntraBetaPrivateAccessApplicationSegment cmdlet deletes an application segments associated to a Private Access application. +The `Remove-EntraBetaPrivateAccessApplicationSegment` cmdlet removes application segments associated to a Private Access application. ## Examples ### Example 1: Delete an application segment ```powershell -Remove-EntraBetaPrivateAccessApplicationSegment -ObjectId b97db9dd-85c7-4365-ac05-bd824728ab83 -ApplicationSegmentId 89a0ff5a-0440-4411-8f1c-d4e0be0635c8 +$ApplicationObjectId = (Get-EntraBetaApplication -Filter "DisplayName eq ''").ObjectId +$ApplicationSegmentId = (Get-EntraBetaPrivateAccessApplicationSegment -ObjectId $ApplicationObjectId -Top 1).Id + +$params = @{ + ObjectId = $ApplicationObjectId + ApplicationSegmentId = $ApplicationSegmentId +} + +Remove-EntraBetaPrivateAccessApplicationSegment @params ``` +This example shows how to remove an application segment associated to a Private Access application. + +- `ObjectId` is the application Object ID of the Private Access Application. +- `ApplicationSegmentId` is the application segment identifier to be deleted. + ## Parameters ### -ObjectId -The object id of a Private Access application object. +The object ID of a Private Access application object. ```yaml -Type: String +Type: System.String Parameter Sets: Aliases: id @@ -52,10 +65,10 @@ Accept wildcard characters: False ### -ApplicationSegmentId -The application segment id of the application segment to be deleted. +The application segment ID of the application segment to be deleted. ```yaml -Type: String +Type: System.String Parameter Sets: Aliases: @@ -68,7 +81,7 @@ Accept wildcard characters: False ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## Inputs @@ -82,4 +95,8 @@ System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutra ## Notes -## RELATED LINKS \ No newline at end of file +## RELATED LINKS + +[Get-EntraBetaPrivateAccessApplicationSegment](Get-EntraBetaPrivateAccessApplicationSegment.md) +[New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md) +[Get-EntraBetaApplication](Get-EntraBetaApplication.md) From 26e2bcbf1880fdfa395abeb73ac275b772c8aa66 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 26 Jul 2024 10:22:40 +0300 Subject: [PATCH 13/51] Update module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md --- .../Get-EntraBetaPrivateAccessApplicationSegment.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index e59de8947..a8d091717 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -129,6 +129,8 @@ System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutra ## RELATED LINKS [Get-EntraBetaApplication](Get-EntraBetaApplication.md) + [Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md) + [New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md) From a56ab5dad4a0e74afb0da01b2b2549b49befb767 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 26 Jul 2024 10:23:14 +0300 Subject: [PATCH 14/51] Update module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md --- .../New-EntraBetaPrivateAccessApplicationSegment.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md index c8fd17d5c..bd1147671 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md @@ -215,5 +215,7 @@ System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutra ## RELATED LINKS [Get-EntraBetaPrivateAccessApplicationSegment](Get-EntraBetaPrivateAccessApplicationSegment.md) + [Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md) + [Get-EntraBetaApplication](Get-EntraBetaApplication.md) From cbba6996571878d592d7db109ddeb92eaff7eace Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 26 Jul 2024 10:23:46 +0300 Subject: [PATCH 15/51] Update module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md --- .../Remove-EntraBetaPrivateAccessApplicationSegment.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md index 0bd56030b..b1a6f36e1 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md @@ -98,5 +98,7 @@ System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutra ## RELATED LINKS [Get-EntraBetaPrivateAccessApplicationSegment](Get-EntraBetaPrivateAccessApplicationSegment.md) + [New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md) + [Get-EntraBetaApplication](Get-EntraBetaApplication.md) From a7cbea460fd4278847a043aa346d7a3aa1ac7225 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 26 Jul 2024 10:50:46 +0300 Subject: [PATCH 16/51] Update module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md --- .../Get-EntraBetaPrivateAccessApplicationSegment.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index a8d091717..5e630004e 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -40,13 +40,6 @@ port : 0 ports : {22-22} protocol : tcp id : cccc2222-dd33-4444-55ee-666666ffffff - -destinationHost : 10.20.20.20 -destinationType : ip -port : 0 -ports : {8080-8080} -protocol : tcp -id : cccc2222-dd33-4444-55ee-666666ffffff ``` This command retrieves all application segments for an application. From 9b0676d3fbfd24dac2b52ef3fd1305dbf3ad8402 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 26 Jul 2024 10:55:28 +0300 Subject: [PATCH 17/51] Update module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md --- .../Get-EntraBetaPrivateAccessApplicationSegment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index 5e630004e..1fde8c935 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -47,7 +47,7 @@ This command retrieves all application segments for an application. ### Example 2: Retrieve a specific application segment associated to an application ```powershell -```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' $ApplicationObjectId = (Get-EntraBetaApplication -Filter "DisplayName eq ''").ObjectId $params = @{ From b0c6b3f5c96a9e129dd13336a8f0043d7cd7fc0d Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 26 Jul 2024 10:55:37 +0300 Subject: [PATCH 18/51] Update module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md --- .../Get-EntraBetaPrivateAccessApplicationSegment.md | 1 + 1 file changed, 1 insertion(+) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md index 1fde8c935..bdb7fd2d8 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplicationSegment.md @@ -29,6 +29,7 @@ The `Get-EntraBetaPrivateAccessApplicationSegment` cmdlet retrieves a list of al ### Example 1: Retrieve all application segments associated to an application ```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' $ApplicationObjectId = (Get-EntraBetaApplication -Filter "DisplayName eq ''").ObjectId Get-EntraBetaPrivateAccessApplicationSegment -ObjectId $ApplicationObjectId ``` From 0cb78d77ca3c431419f8f291ae949b3b9f7e469e Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 26 Jul 2024 10:56:20 +0300 Subject: [PATCH 19/51] Update module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md --- .../New-EntraBetaPrivateAccessApplicationSegment.md | 1 + 1 file changed, 1 insertion(+) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md index bd1147671..97789f9f2 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md @@ -29,6 +29,7 @@ The `New-EntraBetaPrivateAccessApplicationSegment` cmdlet creates an application ### Example 1: Create a simple application segment ```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' $ApplicationObjectId = (Get-EntraBetaApplication -Filter "DisplayName eq ''").ObjectId $params = @{ From e15988504552ba78d5e1a25e9bcfc2817a518cac Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 26 Jul 2024 10:56:55 +0300 Subject: [PATCH 20/51] Update module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md --- .../New-EntraBetaPrivateAccessApplicationSegment.md | 1 + 1 file changed, 1 insertion(+) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md index 97789f9f2..96cb1b52d 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplicationSegment.md @@ -55,6 +55,7 @@ id : cccc2222-dd33-4444-55ee-666666ffffff ### Example 2: Create an application segment using ranges of IPs and multiple ports ```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' $ApplicationObjectId = (Get-EntraBetaApplication -Filter "DisplayName eq ''").ObjectId $params = @{ From 32fa4c61d571eaf4ef70ae23baa9c7c44528f4ee Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 26 Jul 2024 10:58:01 +0300 Subject: [PATCH 21/51] Update module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md --- .../Remove-EntraBetaPrivateAccessApplicationSegment.md | 1 + 1 file changed, 1 insertion(+) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md index b1a6f36e1..47683fd02 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaPrivateAccessApplicationSegment.md @@ -29,6 +29,7 @@ The `Remove-EntraBetaPrivateAccessApplicationSegment` cmdlet removes application ### Example 1: Delete an application segment ```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' $ApplicationObjectId = (Get-EntraBetaApplication -Filter "DisplayName eq ''").ObjectId $ApplicationSegmentId = (Get-EntraBetaPrivateAccessApplicationSegment -ObjectId $ApplicationObjectId -Top 1).Id From 629b5f7ebe7545e596160f7f4b6a89aedca3420e Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Thu, 1 Aug 2024 10:13:32 +1000 Subject: [PATCH 22/51] GSA commands --- ...etaGlobalSecureAccessForwardingProfile.ps1 | 31 +++++++++++++++ ...ntraBetaGlobalSecureAccessTenantStatus.ps1 | 15 ++++++++ .../Get-EntraBetaPrivateAccessApplication.ps1 | 38 +++++++++++++++++++ .../New-EntraBetaGlobalSecureAccessTenant.ps1 | 15 ++++++++ ...etaGlobalSecureAccessForwardingProfile.ps1 | 30 +++++++++++++++ 5 files changed, 129 insertions(+) create mode 100644 module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessForwardingProfile.ps1 create mode 100644 module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 create mode 100644 module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 create mode 100644 module/EntraBeta/AdditionalFunctions/New-EntraBetaGlobalSecureAccessTenant.ps1 create mode 100644 module/EntraBeta/AdditionalFunctions/Set-EntraBetaGlobalSecureAccessForwardingProfile.ps1 diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessForwardingProfile.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessForwardingProfile.ps1 new file mode 100644 index 000000000..32d37ca77 --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessForwardingProfile.ps1 @@ -0,0 +1,31 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function Get-EntraBetaGlobalSecureAccessForwardingProfile { + + param ( + + [Parameter(Mandatory = $False, Position = 1)] + [System.String] + $ForwardingProfileId + + ) + + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + + if($null -ne $PSBoundParameters["ForwardingProfileId"]){ + + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/forwardingProfiles/$ForwardingProfileId" + $response + + } + else { + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/forwardingProfiles/" + $response.value + } + } + +} + + diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 new file mode 100644 index 000000000..84459fd11 --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 @@ -0,0 +1,15 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function Get-EntraBetaGlobalSecureAccessTenantStatus { + + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + + + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/tenantStatus" + $response + + } + +} diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 new file mode 100644 index 000000000..76b1dc4e7 --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 @@ -0,0 +1,38 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function Get-EntraBetaPrivateAccessApplication { + + [CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')] + param ( + + [Parameter(Mandatory = $True, Position = 1, ParameterSetName = 'SingleAppID')] + [string] + $ObjectID, + + [Parameter(Mandatory = $False, ParameterSetName = 'SingleAppName')] + [string] + $ApplicationName + ) + + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + + switch ($PSCmdlet.ParameterSetName) { + "AllPrivateAccessApps" { + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri 'https://graph.microsoft.com/beta/applications?$count=true&$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&$filter=tags/Any(x: x eq ''PrivateAccessNonWebApplication'') or tags/Any(x: x eq ''NetworkAccessManagedApplication'') or tags/Any(x: x eq ''NetworkAccessQuickAccessApplication'')' + $response.value + break + } + "SingleAppID" { + Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ObjectID/?`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames" + break + } + "SingleAppName" { + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications?`$count=true&`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&`$filter=DisplayName eq '$ApplicationName'" + $response.value + break + } + } + } +} diff --git a/module/EntraBeta/AdditionalFunctions/New-EntraBetaGlobalSecureAccessTenant.ps1 b/module/EntraBeta/AdditionalFunctions/New-EntraBetaGlobalSecureAccessTenant.ps1 new file mode 100644 index 000000000..120984a2d --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/New-EntraBetaGlobalSecureAccessTenant.ps1 @@ -0,0 +1,15 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function New-EntraBetaGlobalSecureAccessTenant { + + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + + + $response = Invoke-GraphRequest -Method POST -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/microsoft.graph.networkaccess.onboard" + $response + + } + +} diff --git a/module/EntraBeta/AdditionalFunctions/Set-EntraBetaGlobalSecureAccessForwardingProfile.ps1 b/module/EntraBeta/AdditionalFunctions/Set-EntraBetaGlobalSecureAccessForwardingProfile.ps1 new file mode 100644 index 000000000..143055d4d --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/Set-EntraBetaGlobalSecureAccessForwardingProfile.ps1 @@ -0,0 +1,30 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function Set-EntraBetaGlobalSecureAccessForwardingProfile { + + param ( + + [Parameter(Mandatory = $True, Position = 1)] + [System.String] + $ForwardingProfileId, + + [Parameter(Mandatory = $True, Position = 2)] + [ValidateSet("Enabled", "Disabled")] + [System.String] + $State + + ) + + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + + $body = @{state = $State.ToLower()} + $bodyJson = $body | ConvertTo-Json -Depth 99 -Compress + + Invoke-GraphRequest -Method PATCH -Body $bodyJson -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/forwardingProfiles/$ForwardingProfileId" + + } +} + + From d3b8d78bb78b3bb21ae0b1dbf54e0e7080475ee8 Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Sun, 20 Oct 2024 14:36:01 +1000 Subject: [PATCH 23/51] New commands --- ...etaGlobalSecureAccessForwardingProfile.ps1 | 31 ---- .../New-EntraBetaPrivateAccessApplication.ps1 | 70 +++++++++ ...etaGlobalSecureAccessForwardingProfile.ps1 | 30 ---- ...EntraBetaGlobalSecureAccessTenantStatus.md | 67 ++++++++ .../Get-EntraBetaPrivateAccessApplication.md | 147 ++++++++++++++++++ .../New-EntraBetaGlobalSecureAccessTenant.md | 62 ++++++++ .../New-EntraBetaPrivateAccessApplication.md | 104 +++++++++++++ 7 files changed, 450 insertions(+), 61 deletions(-) delete mode 100644 module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessForwardingProfile.ps1 create mode 100644 module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 delete mode 100644 module/EntraBeta/AdditionalFunctions/Set-EntraBetaGlobalSecureAccessForwardingProfile.ps1 create mode 100644 module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md create mode 100644 module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md create mode 100644 module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md create mode 100644 module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessForwardingProfile.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessForwardingProfile.ps1 deleted file mode 100644 index 32d37ca77..000000000 --- a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessForwardingProfile.ps1 +++ /dev/null @@ -1,31 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. -# ------------------------------------------------------------------------------ -function Get-EntraBetaGlobalSecureAccessForwardingProfile { - - param ( - - [Parameter(Mandatory = $False, Position = 1)] - [System.String] - $ForwardingProfileId - - ) - - PROCESS { - $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand - - if($null -ne $PSBoundParameters["ForwardingProfileId"]){ - - $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/forwardingProfiles/$ForwardingProfileId" - $response - - } - else { - $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/forwardingProfiles/" - $response.value - } - } - -} - - diff --git a/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 new file mode 100644 index 000000000..a49a138ea --- /dev/null +++ b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 @@ -0,0 +1,70 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +function New-EntraBetaPrivateAccessApplication { + + [CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')] + param ( + + [Parameter(Mandatory = $True, Position = 1)] + [string] + $ApplicationName, + + [Parameter(Mandatory = $False, Position = 2)] + [string] + $ConnectorGroupId + ) + + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + + + $bodyJson = @{displayName = $ApplicationName} | ConvertTo-Json -Depth 99 -Compress + + # Instantiate the Private Access app + + try { + $newApp = Invoke-GraphRequest -Method POST -Headers $customHeaders -Uri https://graph.microsoft.com/beta/applicationTemplates/8adf8e6e-67b2-4cf2-a259-e3dc5476c621/instantiate -Body $bodyJson + } + catch { + Write-Error "Failed to create the Private Access app. Error: $_" + return + } + + $bodyJson = @{ + "onPremisesPublishing" = @{ + "applicationType" = "nonwebapp" + "isAccessibleViaZTNAClient" = $true + } + } | ConvertTo-Json -Depth 99 -Compress + + $newAppId = $newApp.application.objectId + + # Set the Private Access app to be accessible via the ZTNA client + $params = @{ + Method = 'PATCH' + Uri = "https://graph.microsoft.com/beta/applications/$newAppId/" + Body = $bodyJson + + } + + Invoke-GraphRequest @params + + $bodyJson = @{ + "@odata.id" = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/$ConnectorGroupId" + } | ConvertTo-Json -Depth 99 -Compress + + # If ConnectorGroupId has been specified, assign the connector group to the app, otherwise the default connector group will be assigned. + if ($ConnectorGroupId) { + + $params = @{ + Method = 'PUT' + Uri = "https://graph.microsoft.com/beta/applications/$newAppId/connectorGroup/`$ref" + Body = $bodyJson + } + + Invoke-GraphRequest @params + } + + } +} diff --git a/module/EntraBeta/AdditionalFunctions/Set-EntraBetaGlobalSecureAccessForwardingProfile.ps1 b/module/EntraBeta/AdditionalFunctions/Set-EntraBetaGlobalSecureAccessForwardingProfile.ps1 deleted file mode 100644 index 143055d4d..000000000 --- a/module/EntraBeta/AdditionalFunctions/Set-EntraBetaGlobalSecureAccessForwardingProfile.ps1 +++ /dev/null @@ -1,30 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. -# ------------------------------------------------------------------------------ -function Set-EntraBetaGlobalSecureAccessForwardingProfile { - - param ( - - [Parameter(Mandatory = $True, Position = 1)] - [System.String] - $ForwardingProfileId, - - [Parameter(Mandatory = $True, Position = 2)] - [ValidateSet("Enabled", "Disabled")] - [System.String] - $State - - ) - - PROCESS { - $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand - - $body = @{state = $State.ToLower()} - $bodyJson = $body | ConvertTo-Json -Depth 99 -Compress - - Invoke-GraphRequest -Method PATCH -Body $bodyJson -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/forwardingProfiles/$ForwardingProfileId" - - } -} - - diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md new file mode 100644 index 000000000..988b4265e --- /dev/null +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md @@ -0,0 +1,67 @@ +--- +title: Get-EntraBetaGlobalSecureAccessTenantStatus +description: This article provides details on the Get-EntraBetaGlobalSecureAccessTenantStatus command. + +ms.topic: reference +ms.date: 10/19/2024 +ms.author: eunicewaweru +ms.reviewer: stevemutungi +manager: CelesteDG +author: andres-canello +external help file: Microsoft.Graph.Entra.Beta-Help.xml +Module Name: Microsoft.Graph.Entra.Beta +online version: +schema: 2.0.0 +--- + +# Get-EntraBetaGlobalSecureAccessTenantStatus + +## Synopsis + +Retrieves the onboarding status of the Global Secure Access service in the tenant. + +## Description + +The `Get-EntraBetaGlobalSecureAccessTenantStatus` cmdlet retrieves the onboarding status of the Global Secure Access service in the tenant + +## Example + +```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' +Get-EntraBetaGlobalSecureAccessTenantStatus +``` + +```Output +@odata.context : https://graph.microsoft.com/beta/$metadata#networkAccess/tenantStatus/$entity +onboardingStatus : onboarded +onboardingErrorMessage : +``` + +This command retrieves the onboarding status of the Global Secure Access service in the tenant. + +### CommonParameters + +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## Inputs + +### System.String + +System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] + +## Outputs + +### System.Object + +## Notes + +## RELATED LINKS + +[Get-EntraBetaApplication](Get-EntraBetaApplication.md) + +[Get-EntraBetaPrivateAccessApplicationSegment](Get-EntraBetaPrivateAccessApplicationSegment.md) + +[Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md) + +[New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md) + diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md new file mode 100644 index 000000000..984776f5f --- /dev/null +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md @@ -0,0 +1,147 @@ +--- +title: Get-EntraBetaPrivateAccessApplication +description: This article provides details on the Get-EntraBetaPrivateAccessApplication command. + +ms.topic: reference +ms.date: 10/19/2024 +ms.author: eunicewaweru +ms.reviewer: stevemutungi +manager: CelesteDG +author: andres-canello +external help file: Microsoft.Graph.Entra.Beta-Help.xml +Module Name: Microsoft.Graph.Entra.Beta +online version: +schema: 2.0.0 +--- + +# Get-EntraBetaPrivateAccessApplication + +## Synopsis + +Retrieves a list of all Private Access applications, or if specified, details of a specific application. + +## Description + +The `Get-EntraBetaPrivateAccessApplication` cmdlet retrieves a list of all Private Access applications, or if specified, details of a specific application. + +## Examples + +### Example 1: Retrieve all Private Access applications + +```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' +Get-EntraBetaPrivateAccessApplication +``` + +```Output +displayName : testApp1 +appId : b8a10d3c-0000-4d0b-9b31-d24a097a1e02 +id : 8f139194-c876-0000-af51-8aeb7f1fb9d4 +tags : {IsAccessibleViaZTNAClient, HideApp, PrivateAccessNonWebApplication} +createdDateTime : 14/06/2024 12:38:50 AM + +displayName : QuickAccess +appId : d2d253be-0000-4d93-a5e4-5c0aca66ef5e +id : a3bdc7a8-e7af-0000-abe7-4f093d2141d8 +tags : {HideApp, NetworkAccessQuickAccessApplication} +createdDateTime : 4/07/2023 4:00:07 AM +``` + +This command retrieves all Private Access applications, including Quick Access. + +### Example 2: Retrieve a specific Private Access application by object id + +```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' + +Get-EntraBetaPrivateAccessApplication -ObjectID a3bdc7a8-e7af-0000-abe7-4f093d2141d8 +``` + +```Output +displayName : QuickAccess +appId : d2d253be-0000-4d93-a5e4-5c0aca66ef5e +id : a3bdc7a8-e7af-0000-abe7-4f093d2141d8 +tags : {HideApp, NetworkAccessQuickAccessApplication} +createdDateTime : 4/07/2023 4:00:07 AM +``` + +This example demonstrates how to retrieve information for a specific Private Access application by object id. + +### Example 3: Retrieve a specific Private Access application by name + +```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' + +Get-EntraBetaPrivateAccessApplication -ApplicationName testApp1 +``` + +```Output +displayName : testApp1 +appId : b8a10d3c-0000-4d0b-9b31-d24a097a1e02 +id : 8f139194-c876-0000-af51-8aeb7f1fb9d4 +tags : {IsAccessibleViaZTNAClient, HideApp, PrivateAccessNonWebApplication} +createdDateTime : 14/06/2024 12:38:50 AM +``` + +This example demonstrates how to retrieve information for a specific Private Access application by application name. + +## Parameters + +### -ObjectId + +The Object ID of a Private Access application object. + +```yaml +Type: System.String +Parameter Sets: SingleAppID +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ApplicationName + +Specifies a specific application name to retrieve. + +```yaml +Type: System.String +Parameter Sets: SingleAppName +Aliases: + +Required: False +Position: 2, Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## Inputs + +### System.String + +System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] + +## Outputs + +### System.Object + +## Notes + +## RELATED LINKS + +[Get-EntraBetaApplication](Get-EntraBetaApplication.md) + +[Get-EntraBetaPrivateAccessApplicationSegment](Get-EntraBetaPrivateAccessApplicationSegment.md) + +[Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md) + +[New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md) + diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md new file mode 100644 index 000000000..9193d53c7 --- /dev/null +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md @@ -0,0 +1,62 @@ +--- +title: New-EntraBetaGlobalSecureAccessTenant +description: This article provides details on the New-EntraBetaGlobalSecureAccessTenant command. + +ms.topic: reference +ms.date: 10/19/2024 +ms.author: eunicewaweru +ms.reviewer: stevemutungi +manager: CelesteDG +author: andres-canello +external help file: Microsoft.Graph.Entra.Beta-Help.xml +Module Name: Microsoft.Graph.Entra.Beta +online version: +schema: 2.0.0 +--- + +# New-EntraBetaGlobalSecureAccessTenant + +## Synopsis + +Onboard the Global Secure Access service in the tenant. + +## Description + +The `New-EntraBetaGlobalSecureAccessTenant` cmdlet onboards the Global Secure Access service in the tenant. + +## Example + +```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' +New-EntraBetaGlobalSecureAccessTenant +``` + +```Output +@odata.context : https://graph.microsoft.com/beta/$metadata#networkAccess/tenantStatus/$entity +onboardingStatus : onboarded +onboardingErrorMessage : +``` + +This command onboards the Global Secure Access service in the tenant. + +### CommonParameters + +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## Inputs + +### System.String + +System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] + +## Outputs + +### System.Object + +## Notes + +## RELATED LINKS + +[Get-EntraBetaGlobalSecureAccessTenantStatus](Get-EntraBetaGlobalSecureAccessTenantStatus.md) + + diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md new file mode 100644 index 000000000..7d1a54d2d --- /dev/null +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md @@ -0,0 +1,104 @@ +--- +title: New-EntraBetaPrivateAccessApplication +description: This article provides details on the New-EntraBetaPrivateAccessApplication command. + +ms.topic: reference +ms.date: 10/19/2024 +ms.author: eunicewaweru +ms.reviewer: stevemutungi +manager: CelesteDG +author: andres-canello +external help file: Microsoft.Graph.Entra.Beta-Help.xml +Module Name: Microsoft.Graph.Entra.Beta +online version: +schema: 2.0.0 +--- + +# New-EntraBetaPrivateAccessApplication + +## Synopsis + +Creates a Private Access applications and assigns a connector group to it. + +## Description + +The `New-EntraBetaPrivateAccessApplication` cmdlet creates a Private Access applications and assigns a connector group to it. + +## Examples + +### Example 1: Create a new Private Access app and assign the default connector group + +```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' +New-EntraBetaPrivateAccessApplication -ApplicationName TestApp1 +``` +This example demonstrates how to create a new Private Access application called TestApp1 and assign the default connector group to it. + +### Example 2: Create a new Private Access app and assign a specific connector group + +```powershell +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' +New-EntraBetaPrivateAccessApplication -ApplicationName TestApp1 -ConnectorGroupId a3bdc7a8-e7af-0000-abe7-4f093d2141d8 +``` +This example demonstrates how to create a new Private Access application called TestApp1 and assign a specific connector group to it. + +## Parameters + +### -ApplicationName + +The name of the new Private Access application. + +```yaml +Type: System.String +Parameter Sets: +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ConnectorGroupId + +Specifies a connector group to be assigned to the application. + +```yaml +Type: System.String +Parameter Sets: +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters + +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## Inputs + +### System.String + +System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] + +## Outputs + +### System.Object + +## Notes + +## RELATED LINKS + +[Get-EntraBetaPrivateAccessApplication](Get-EntraBetaPrivateAccessApplication.md) + +[Get-EntraBetaPrivateAccessApplicationSegment](Get-EntraBetaPrivateAccessApplicationSegment.md) + +[Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md) + +[New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md) + From 3ab93651f0fef9f9f5e16a48b3e0e4787dcf8202 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 13:22:10 +0000 Subject: [PATCH 24/51] Fixing example build error --- .../Get-EntraBetaGlobalSecureAccessTenantStatus.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md index 988b4265e..644541fb8 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md @@ -22,12 +22,20 @@ Retrieves the onboarding status of the Global Secure Access service in the tenan ## Description -The `Get-EntraBetaGlobalSecureAccessTenantStatus` cmdlet retrieves the onboarding status of the Global Secure Access service in the tenant +The `Get-EntraBetaGlobalSecureAccessTenantStatus` cmdlet retrieves the onboarding status of the Global Secure Access service in the tenant. -## Example +For delegated scenarios involving work or school accounts, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The following least-privileged roles are supported for this operation: + +- Global Reader +- Global Secure Access Administrator +- Security Administrator + +## Examples + +### Example 1: Check Global Secure Access status for the tenant ```powershell -Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' +Connect-Entra -Scopes 'NetworkAccessPolicy.Read.All' Get-EntraBetaGlobalSecureAccessTenantStatus ``` From 1bf6471302df2509707392bdbb5e8257ec751e82 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 13:27:46 +0000 Subject: [PATCH 25/51] Fixing Onboarding example resulting in build errors --- .../New-EntraBetaGlobalSecureAccessTenant.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md index 9193d53c7..0dc9eab83 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md @@ -24,10 +24,17 @@ Onboard the Global Secure Access service in the tenant. The `New-EntraBetaGlobalSecureAccessTenant` cmdlet onboards the Global Secure Access service in the tenant. -## Example +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least-privileged roles are supported: + +- Global Secure Access Administrator +- Security Administrator + +## Examples + +### Example 1: Enable Global Secure Access for a tenant ```powershell -Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All' New-EntraBetaGlobalSecureAccessTenant ``` From d1f17472d725b72ed31ba121165686849a8f58e3 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:24:37 +0000 Subject: [PATCH 26/51] Formatting response output --- .../Get-EntraBetaGlobalSecureAccessTenantStatus.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md index 644541fb8..c8bbd477c 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md @@ -40,9 +40,9 @@ Get-EntraBetaGlobalSecureAccessTenantStatus ``` ```Output -@odata.context : https://graph.microsoft.com/beta/$metadata#networkAccess/tenantStatus/$entity -onboardingStatus : onboarded -onboardingErrorMessage : +@odata.context onboardingStatus onboardingErrorMessage +-------------- ---------------- ---------------------- +https://graph.microsoft.com/beta/$metadata#networkAccess/tenantStatus/$entity offboarded ``` This command retrieves the onboarding status of the Global Secure Access service in the tenant. From cf27ac4252225ff8fbd202ed888b797aec44552b Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:25:23 +0000 Subject: [PATCH 27/51] Restoring original scopes --- .../Get-EntraBetaGlobalSecureAccessTenantStatus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md index c8bbd477c..8114eb42b 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md @@ -35,7 +35,7 @@ For delegated scenarios involving work or school accounts, the signed-in user mu ### Example 1: Check Global Secure Access status for the tenant ```powershell -Connect-Entra -Scopes 'NetworkAccessPolicy.Read.All' +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' Get-EntraBetaGlobalSecureAccessTenantStatus ``` From e68ce8e9fa75fac1d9730b5b2a1a3a1a3582fe0a Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:29:53 +0000 Subject: [PATCH 28/51] Enriching example description. --- .../Get-EntraBetaGlobalSecureAccessTenantStatus.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md index 8114eb42b..74bcc2579 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md @@ -45,7 +45,9 @@ Get-EntraBetaGlobalSecureAccessTenantStatus https://graph.microsoft.com/beta/$metadata#networkAccess/tenantStatus/$entity offboarded ``` -This command retrieves the onboarding status of the Global Secure Access service in the tenant. +This command checks if the Global Secure Access service is activated in the tenant. + +If the status is `offboarded`, you can activate the service with `New-EntraBetaGlobalSecureAccessTenant`. ### CommonParameters From 1d2df6e32a66a41549634836f28e0d28776c12e3 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:36:16 +0000 Subject: [PATCH 29/51] Removing trailing spaces --- .../Get-EntraBetaGlobalSecureAccessTenantStatus.md | 1 - 1 file changed, 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md index 74bcc2579..458bdedf1 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md @@ -74,4 +74,3 @@ System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutra [Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md) [New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md) - From dd789258927d9ceae6e6b6067be596e03ad1ec13 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:40:45 +0000 Subject: [PATCH 30/51] Adding status options. --- .../Get-EntraBetaGlobalSecureAccessTenantStatus.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md index 458bdedf1..4169dd99a 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGlobalSecureAccessTenantStatus.md @@ -49,6 +49,8 @@ This command checks if the Global Secure Access service is activated in the tena If the status is `offboarded`, you can activate the service with `New-EntraBetaGlobalSecureAccessTenant`. +The onboarding status can be: `offboarded`, `offboarding in progress`, `onboarding in progress`, `onboarded`, `onboarding error`, or `offboarding error`. + ### CommonParameters This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). From a7ec68756a43594d77660383f159985bcb89c7a2 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:45:29 +0000 Subject: [PATCH 31/51] Removing trailing spaces --- .../New-EntraBetaGlobalSecureAccessTenant.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md index 0dc9eab83..0c8732655 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md @@ -24,7 +24,7 @@ Onboard the Global Secure Access service in the tenant. The `New-EntraBetaGlobalSecureAccessTenant` cmdlet onboards the Global Secure Access service in the tenant. -In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least-privileged roles are supported: +In delegated scenarios with work or school accounts, the signed-in user needs a supported Microsoft Entra role or a custom role with the necessary permissions: - Global Secure Access Administrator - Security Administrator @@ -65,5 +65,3 @@ System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutra ## RELATED LINKS [Get-EntraBetaGlobalSecureAccessTenantStatus](Get-EntraBetaGlobalSecureAccessTenantStatus.md) - - From 51dc1a137d93b7e1c97d5645785e85a1d86ac11a Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:46:07 +0000 Subject: [PATCH 32/51] Adding scopes --- .../New-EntraBetaGlobalSecureAccessTenant.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md index 0c8732655..00a17ae90 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md @@ -34,7 +34,7 @@ In delegated scenarios with work or school accounts, the signed-in user needs a ### Example 1: Enable Global Secure Access for a tenant ```powershell -Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All' +Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' New-EntraBetaGlobalSecureAccessTenant ``` From 64124d4e925e4020cc501df009988f5898d3f17a Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 15:53:16 +0000 Subject: [PATCH 33/51] Formatting outputs --- .../New-EntraBetaPrivateAccessApplication.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md index 7d1a54d2d..be23e06d1 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md @@ -32,6 +32,7 @@ The `New-EntraBetaPrivateAccessApplication` cmdlet creates a Private Access appl Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' New-EntraBetaPrivateAccessApplication -ApplicationName TestApp1 ``` + This example demonstrates how to create a new Private Access application called TestApp1 and assign the default connector group to it. ### Example 2: Create a new Private Access app and assign a specific connector group @@ -40,6 +41,7 @@ This example demonstrates how to create a new Private Access application called Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' New-EntraBetaPrivateAccessApplication -ApplicationName TestApp1 -ConnectorGroupId a3bdc7a8-e7af-0000-abe7-4f093d2141d8 ``` + This example demonstrates how to create a new Private Access application called TestApp1 and assign a specific connector group to it. ## Parameters @@ -101,4 +103,3 @@ System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutra [Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md) [New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md) - From 233562382554912a36143ebea18689e49bd50f32 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 18:19:00 +0000 Subject: [PATCH 34/51] Proposing use of ApplicationId instead of ObjectId --- .../Get-EntraBetaPrivateAccessApplication.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 index 76b1dc4e7..b98a0c265 100644 --- a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 @@ -8,7 +8,7 @@ function Get-EntraBetaPrivateAccessApplication { [Parameter(Mandatory = $True, Position = 1, ParameterSetName = 'SingleAppID')] [string] - $ObjectID, + $ApplicationId, [Parameter(Mandatory = $False, ParameterSetName = 'SingleAppName')] [string] @@ -25,7 +25,7 @@ function Get-EntraBetaPrivateAccessApplication { break } "SingleAppID" { - Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ObjectID/?`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames" + Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ApplicationId/?`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames" break } "SingleAppName" { From 80d8f66696fdeabf6cdb8ee15fa559c8b60769ef Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 18:28:04 +0000 Subject: [PATCH 35/51] Get-EntraBetaPrivateAccessApplication example improvements --- .../Get-EntraBetaPrivateAccessApplication.md | 28 +++++++++---------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md index 984776f5f..6ed62a000 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md @@ -35,14 +35,14 @@ Get-EntraBetaPrivateAccessApplication ```Output displayName : testApp1 -appId : b8a10d3c-0000-4d0b-9b31-d24a097a1e02 -id : 8f139194-c876-0000-af51-8aeb7f1fb9d4 +appId : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb +id : bbbbbbbb-1111-2222-3333-cccccccccccc tags : {IsAccessibleViaZTNAClient, HideApp, PrivateAccessNonWebApplication} createdDateTime : 14/06/2024 12:38:50 AM displayName : QuickAccess -appId : d2d253be-0000-4d93-a5e4-5c0aca66ef5e -id : a3bdc7a8-e7af-0000-abe7-4f093d2141d8 +appId : dddddddd-3333-4444-5555-eeeeeeeeeeee +id : eeeeeeee-4444-5555-6666-ffffffffffff tags : {HideApp, NetworkAccessQuickAccessApplication} createdDateTime : 4/07/2023 4:00:07 AM ``` @@ -53,14 +53,14 @@ This command retrieves all Private Access applications, including Quick Access. ```powershell Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' - -Get-EntraBetaPrivateAccessApplication -ObjectID a3bdc7a8-e7af-0000-abe7-4f093d2141d8 +$application = Get-EntraBetaPrivateAccessApplication | Where-Object {$_.DisplayName -eq 'Finance team file share'} +Get-EntraBetaPrivateAccessApplication -ApplicationId $application.Id ``` ```Output displayName : QuickAccess -appId : d2d253be-0000-4d93-a5e4-5c0aca66ef5e -id : a3bdc7a8-e7af-0000-abe7-4f093d2141d8 +appId : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb +id : bbbbbbbb-1111-2222-3333-cccccccccccc tags : {HideApp, NetworkAccessQuickAccessApplication} createdDateTime : 4/07/2023 4:00:07 AM ``` @@ -71,14 +71,13 @@ This example demonstrates how to retrieve information for a specific Private Acc ```powershell Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' - -Get-EntraBetaPrivateAccessApplication -ApplicationName testApp1 +Get-EntraBetaPrivateAccessApplication -ApplicationName 'Finance team file share' ``` ```Output -displayName : testApp1 -appId : b8a10d3c-0000-4d0b-9b31-d24a097a1e02 -id : 8f139194-c876-0000-af51-8aeb7f1fb9d4 +displayName : Finance team file share +appId : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb +id : bbbbbbbb-1111-2222-3333-cccccccccccc tags : {IsAccessibleViaZTNAClient, HideApp, PrivateAccessNonWebApplication} createdDateTime : 14/06/2024 12:38:50 AM ``` @@ -87,7 +86,7 @@ This example demonstrates how to retrieve information for a specific Private Acc ## Parameters -### -ObjectId +### -ApplicationId The Object ID of a Private Access application object. @@ -144,4 +143,3 @@ System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutra [Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md) [New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md) - From 18cd3b635db02050d60dc93feffc9aa2e3f1273c Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 18:52:44 +0000 Subject: [PATCH 36/51] Adding an alias --- .../Get-EntraBetaPrivateAccessApplication.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 index b98a0c265..51dc1e90a 100644 --- a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 @@ -5,7 +5,7 @@ function Get-EntraBetaPrivateAccessApplication { [CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')] param ( - + [Alias("ObjectId")] [Parameter(Mandatory = $True, Position = 1, ParameterSetName = 'SingleAppID')] [string] $ApplicationId, From 1102b747e80585c7dbf99920a56be4c7951c89d7 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 18:53:37 +0000 Subject: [PATCH 37/51] Adding documentation alias --- .../Get-EntraBetaPrivateAccessApplication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md index 6ed62a000..e95a86a33 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPrivateAccessApplication.md @@ -93,7 +93,7 @@ The Object ID of a Private Access application object. ```yaml Type: System.String Parameter Sets: SingleAppID -Aliases: +Aliases: ObjectId Required: False Position: 1 From 45930e358edbcce096223c26b29e48cb9d32b552 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 24 Oct 2024 19:01:32 +0000 Subject: [PATCH 38/51] Renaming cmdlet name to Enable-EntraBetaGlobalSecureAccessTenant --- ...s1 => Enable-EntraBetaGlobalSecureAccessTenant.ps1} | 2 +- ....md => Enable-EntraBetaGlobalSecureAccessTenant.md} | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) rename module/EntraBeta/AdditionalFunctions/{New-EntraBetaGlobalSecureAccessTenant.ps1 => Enable-EntraBetaGlobalSecureAccessTenant.ps1} (92%) rename module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/{New-EntraBetaGlobalSecureAccessTenant.md => Enable-EntraBetaGlobalSecureAccessTenant.md} (84%) diff --git a/module/EntraBeta/AdditionalFunctions/New-EntraBetaGlobalSecureAccessTenant.ps1 b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 similarity index 92% rename from module/EntraBeta/AdditionalFunctions/New-EntraBetaGlobalSecureAccessTenant.ps1 rename to module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 index 120984a2d..3c6f85120 100644 --- a/module/EntraBeta/AdditionalFunctions/New-EntraBetaGlobalSecureAccessTenant.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------------ # Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ -function New-EntraBetaGlobalSecureAccessTenant { +function Enable-EntraBetaGlobalSecureAccessTenant { PROCESS { $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Enable-EntraBetaGlobalSecureAccessTenant.md similarity index 84% rename from module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md rename to module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Enable-EntraBetaGlobalSecureAccessTenant.md index 00a17ae90..aa5a1463d 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaGlobalSecureAccessTenant.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Enable-EntraBetaGlobalSecureAccessTenant.md @@ -1,6 +1,6 @@ --- -title: New-EntraBetaGlobalSecureAccessTenant -description: This article provides details on the New-EntraBetaGlobalSecureAccessTenant command. +title: Enable-EntraBetaGlobalSecureAccessTenant +description: This article provides details on the Enable-EntraBetaGlobalSecureAccessTenant command. ms.topic: reference ms.date: 10/19/2024 @@ -14,7 +14,7 @@ online version: schema: 2.0.0 --- -# New-EntraBetaGlobalSecureAccessTenant +# Enable-EntraBetaGlobalSecureAccessTenant ## Synopsis @@ -22,7 +22,7 @@ Onboard the Global Secure Access service in the tenant. ## Description -The `New-EntraBetaGlobalSecureAccessTenant` cmdlet onboards the Global Secure Access service in the tenant. +The `Enable-EntraBetaGlobalSecureAccessTenant` cmdlet onboards the Global Secure Access service in the tenant. In delegated scenarios with work or school accounts, the signed-in user needs a supported Microsoft Entra role or a custom role with the necessary permissions: @@ -35,7 +35,7 @@ In delegated scenarios with work or school accounts, the signed-in user needs a ```powershell Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' -New-EntraBetaGlobalSecureAccessTenant +Enable-EntraBetaGlobalSecureAccessTenant ``` ```Output From 2085047cb693d17d58b76a1d5b2b375bb2579f26 Mon Sep 17 00:00:00 2001 From: Andres Canello <39328890+andres-canello@users.noreply.github.com> Date: Fri, 25 Oct 2024 13:59:57 +1000 Subject: [PATCH 39/51] Update New-EntraBetaPrivateAccessApplication.ps1 --- .../New-EntraBetaPrivateAccessApplication.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 index a49a138ea..1045c75b4 100644 --- a/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 +++ b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 @@ -50,12 +50,12 @@ function New-EntraBetaPrivateAccessApplication { Invoke-GraphRequest @params - $bodyJson = @{ - "@odata.id" = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/$ConnectorGroupId" - } | ConvertTo-Json -Depth 99 -Compress - # If ConnectorGroupId has been specified, assign the connector group to the app, otherwise the default connector group will be assigned. if ($ConnectorGroupId) { + + $bodyJson = @{ + "@odata.id" = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/$ConnectorGroupId" + } | ConvertTo-Json -Depth 99 -Compress $params = @{ Method = 'PUT' From 23704c118682049271c08202c81f2eda593fe6df Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 25 Oct 2024 06:41:03 +0000 Subject: [PATCH 40/51] Enriching examples and formatting to boost quality. --- .../New-EntraBetaPrivateAccessApplication.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md index be23e06d1..175c1c6ea 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaPrivateAccessApplication.md @@ -18,11 +18,11 @@ schema: 2.0.0 ## Synopsis -Creates a Private Access applications and assigns a connector group to it. +Creates a Private Access application and assigns a connector group to it. ## Description -The `New-EntraBetaPrivateAccessApplication` cmdlet creates a Private Access applications and assigns a connector group to it. +The `New-EntraBetaPrivateAccessApplication` cmdlet creates a Private Access application and assigns a connector group to it. ## Examples @@ -30,19 +30,20 @@ The `New-EntraBetaPrivateAccessApplication` cmdlet creates a Private Access appl ```powershell Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' -New-EntraBetaPrivateAccessApplication -ApplicationName TestApp1 +New-EntraBetaPrivateAccessApplication -ApplicationName 'Contoso GSA Application' ``` -This example demonstrates how to create a new Private Access application called TestApp1 and assign the default connector group to it. +This example shows how to create a new Private Access application named `Contoso GSA Application` and assign it to the default connector group. ### Example 2: Create a new Private Access app and assign a specific connector group ```powershell Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All' -New-EntraBetaPrivateAccessApplication -ApplicationName TestApp1 -ConnectorGroupId a3bdc7a8-e7af-0000-abe7-4f093d2141d8 +$connectorGroup = Get-EntraBetaApplicationProxyConnectorGroup -Filter "Name eq 'Contoso GSA Group'" +New-EntraBetaPrivateAccessApplication -ApplicationName 'Contoso GSA Application' -ConnectorGroupId $connectorGroup.Id ``` -This example demonstrates how to create a new Private Access application called TestApp1 and assign a specific connector group to it. +This example shows how to create a new Private Access application named `Contoso GSA Application` and assign it to a specific connector group. ## Parameters @@ -64,7 +65,7 @@ Accept wildcard characters: False ### -ConnectorGroupId -Specifies a connector group to be assigned to the application. +Specifies a connector group to assign to the application. Use `Get-EntraBetaApplicationProxyConnectorGroup` to retrieve connector details or `New-EntraBetaApplicationProxyConnectorGroup` to create a new group. ```yaml Type: System.String @@ -97,9 +98,7 @@ System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutra ## RELATED LINKS [Get-EntraBetaPrivateAccessApplication](Get-EntraBetaPrivateAccessApplication.md) - [Get-EntraBetaPrivateAccessApplicationSegment](Get-EntraBetaPrivateAccessApplicationSegment.md) - [Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md) - [New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md) +[New-EntraBetaApplicationProxyConnectorGroup](New-EntraBetaApplicationProxyConnectorGroup.md) From 322349ade830350143b8bdd9cc14465a073754a6 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 09:56:27 +0300 Subject: [PATCH 41/51] Update module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 Co-authored-by: Kennedy Kang'ethe --- .../Enable-EntraBetaGlobalSecureAccessTenant.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 index 3c6f85120..898e94f7c 100644 --- a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 @@ -7,7 +7,7 @@ function Enable-EntraBetaGlobalSecureAccessTenant { $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand - $response = Invoke-GraphRequest -Method POST -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/microsoft.graph.networkaccess.onboard" + $response = Invoke-GraphRequest -Method POST -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/microsoft.graph.networkaccess.onboard" $response } From 36f41e6409e1ab0e43ebe7db531ceeb5887fbab6 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 09:56:35 +0300 Subject: [PATCH 42/51] Update module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 Co-authored-by: Kennedy Kang'ethe --- .../Enable-EntraBetaGlobalSecureAccessTenant.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 index 898e94f7c..de13f10eb 100644 --- a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 @@ -8,7 +8,7 @@ function Enable-EntraBetaGlobalSecureAccessTenant { $response = Invoke-GraphRequest -Method POST -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/microsoft.graph.networkaccess.onboard" - $response + $response } From 7613e20c4369f2a4d6e54ab817b27661c1f540f5 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 09:56:42 +0300 Subject: [PATCH 43/51] Update module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 Co-authored-by: Kennedy Kang'ethe --- .../Enable-EntraBetaGlobalSecureAccessTenant.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 index de13f10eb..4e0365d45 100644 --- a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 @@ -10,6 +10,6 @@ function Enable-EntraBetaGlobalSecureAccessTenant { $response = Invoke-GraphRequest -Method POST -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/microsoft.graph.networkaccess.onboard" $response - } + } } From 72252c5f70d71ffb5d00a4c77efe091e0d9798f1 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 09:58:01 +0300 Subject: [PATCH 44/51] Applying PowerShell formatting --- .../Enable-EntraBetaGlobalSecureAccessTenant.ps1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 index 4e0365d45..4dfed36d4 100644 --- a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 @@ -3,13 +3,13 @@ # ------------------------------------------------------------------------------ function Enable-EntraBetaGlobalSecureAccessTenant { - PROCESS { - $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand - $response = Invoke-GraphRequest -Method POST -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/microsoft.graph.networkaccess.onboard" - $response + $response = Invoke-GraphRequest -Method POST -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/microsoft.graph.networkaccess.onboard" + $response - } + } } From 49a92006af72aacb70a4f950d218a38d36f1e5d5 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 10:00:41 +0300 Subject: [PATCH 45/51] Applying PowerShell formatting for Get-EntraBetaGlobalSecureAccessTenantStatus --- ...EntraBetaGlobalSecureAccessTenantStatus.ps1 | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 index 84459fd11..6e6434cb3 100644 --- a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 @@ -1,15 +1,11 @@ # ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# Copyright (c) Microsoft Corporation. All Rights Reserved. +# Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ function Get-EntraBetaGlobalSecureAccessTenantStatus { - - PROCESS { - $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand - - - $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/tenantStatus" - $response - - } - + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/tenantStatus" + $response + } } From dfc752e6fd4688104d1a39647f72628fc7632363 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 10:01:55 +0300 Subject: [PATCH 46/51] Applying PowerShell formatting Enable-EntraBetaGlobalSecureAccessTenant --- ...nable-EntraBetaGlobalSecureAccessTenant.ps1 | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 index 4dfed36d4..5707183ed 100644 --- a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 @@ -1,15 +1,11 @@ # ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# Copyright (c) Microsoft Corporation. All Rights Reserved. +# Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ function Enable-EntraBetaGlobalSecureAccessTenant { - - PROCESS { - $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand - - - $response = Invoke-GraphRequest -Method POST -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/microsoft.graph.networkaccess.onboard" - $response - - } - + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + $response = Invoke-GraphRequest -Method POST -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/microsoft.graph.networkaccess.onboard" + $response + } } From daa365dd6bda71747ceafe0c74a0bfe9407ab58c Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 10:03:43 +0300 Subject: [PATCH 47/51] Applying PowerShell formatting Get-EntraBetaPrivateAccessApplication --- .../Get-EntraBetaPrivateAccessApplication.ps1 | 60 +++++++++---------- 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 index 51dc1e90a..269139158 100644 --- a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 @@ -1,38 +1,36 @@ # ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# Copyright (c) Microsoft Corporation. All Rights Reserved. +# Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ -function Get-EntraBetaPrivateAccessApplication { +[CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')] +param ( + [Alias("ObjectId")] + [Parameter(Mandatory = $True, Position = 1, ParameterSetName = 'SingleAppID')] + [string] + $ApplicationId, + + [Parameter(Mandatory = $False, ParameterSetName = 'SingleAppName')] + [string] + $ApplicationName +) - [CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')] - param ( - [Alias("ObjectId")] - [Parameter(Mandatory = $True, Position = 1, ParameterSetName = 'SingleAppID')] - [string] - $ApplicationId, - - [Parameter(Mandatory = $False, ParameterSetName = 'SingleAppName')] - [string] - $ApplicationName - ) - - PROCESS { +PROCESS { $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand - switch ($PSCmdlet.ParameterSetName) { - "AllPrivateAccessApps" { - $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri 'https://graph.microsoft.com/beta/applications?$count=true&$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&$filter=tags/Any(x: x eq ''PrivateAccessNonWebApplication'') or tags/Any(x: x eq ''NetworkAccessManagedApplication'') or tags/Any(x: x eq ''NetworkAccessQuickAccessApplication'')' - $response.value - break - } - "SingleAppID" { - Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ApplicationId/?`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames" - break - } - "SingleAppName" { - $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications?`$count=true&`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&`$filter=DisplayName eq '$ApplicationName'" - $response.value - break - } - } + switch ($PSCmdlet.ParameterSetName) { + "AllPrivateAccessApps" { + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri 'https://graph.microsoft.com/beta/applications?$count=true&$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&$filter=tags/Any(x: x eq ''PrivateAccessNonWebApplication'') or tags/Any(x: x eq ''NetworkAccessManagedApplication'') or tags/Any(x: x eq ''NetworkAccessQuickAccessApplication'')' + $response.value + break + } + "SingleAppID" { + Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ApplicationId/?`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames" + break + } + "SingleAppName" { + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications?`$count=true&`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&`$filter=DisplayName eq '$ApplicationName'" + $response.value + break + } } } From 9eba0cdef1672adfe6502e0b1ebe580f9500e839 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 10:05:42 +0300 Subject: [PATCH 48/51] Applying PowerShell formatting for New-EntraBetaPrivateAccessApplication --- .../New-EntraBetaPrivateAccessApplication.ps1 | 109 +++++++++--------- 1 file changed, 52 insertions(+), 57 deletions(-) diff --git a/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 index 1045c75b4..38786b0d9 100644 --- a/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 +++ b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 @@ -1,70 +1,65 @@ # ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# Copyright (c) Microsoft Corporation. All Rights Reserved. +# Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ function New-EntraBetaPrivateAccessApplication { - [CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')] - param ( + [CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')] + param ( + [Parameter(Mandatory = $True, Position = 1)] + [string] + $ApplicationName, + + [Parameter(Mandatory = $False, Position = 2)] + [string] + $ConnectorGroupId + ) - [Parameter(Mandatory = $True, Position = 1)] - [string] - $ApplicationName, - - [Parameter(Mandatory = $False, Position = 2)] - [string] - $ConnectorGroupId - ) + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand - PROCESS { - $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + $bodyJson = @{ displayName = $ApplicationName } | ConvertTo-Json -Depth 99 -Compress + # Instantiate the Private Access app + try { + $newApp = Invoke-GraphRequest -Method POST -Headers $customHeaders -Uri 'https://graph.microsoft.com/beta/applicationTemplates/8adf8e6e-67b2-4cf2-a259-e3dc5476c621/instantiate' -Body $bodyJson + } + catch { + Write-Error "Failed to create the Private Access app. Error: $_" + return + } - $bodyJson = @{displayName = $ApplicationName} | ConvertTo-Json -Depth 99 -Compress + $bodyJson = @{ + "onPremisesPublishing" = @{ + "applicationType" = "nonwebapp" + "isAccessibleViaZTNAClient" = $true + } + } | ConvertTo-Json -Depth 99 -Compress - # Instantiate the Private Access app + $newAppId = $newApp.application.objectId - try { - $newApp = Invoke-GraphRequest -Method POST -Headers $customHeaders -Uri https://graph.microsoft.com/beta/applicationTemplates/8adf8e6e-67b2-4cf2-a259-e3dc5476c621/instantiate -Body $bodyJson - } - catch { - Write-Error "Failed to create the Private Access app. Error: $_" - return - } + # Set the Private Access app to be accessible via the ZTNA client + $params = @{ + Method = 'PATCH' + Uri = "https://graph.microsoft.com/beta/applications/$newAppId/" + Body = $bodyJson + } - $bodyJson = @{ - "onPremisesPublishing" = @{ - "applicationType" = "nonwebapp" - "isAccessibleViaZTNAClient" = $true - } - } | ConvertTo-Json -Depth 99 -Compress + Invoke-GraphRequest @params - $newAppId = $newApp.application.objectId - - # Set the Private Access app to be accessible via the ZTNA client - $params = @{ - Method = 'PATCH' - Uri = "https://graph.microsoft.com/beta/applications/$newAppId/" - Body = $bodyJson - - } - - Invoke-GraphRequest @params - - # If ConnectorGroupId has been specified, assign the connector group to the app, otherwise the default connector group will be assigned. - if ($ConnectorGroupId) { - - $bodyJson = @{ - "@odata.id" = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/$ConnectorGroupId" - } | ConvertTo-Json -Depth 99 -Compress - - $params = @{ - Method = 'PUT' - Uri = "https://graph.microsoft.com/beta/applications/$newAppId/connectorGroup/`$ref" - Body = $bodyJson - } - - Invoke-GraphRequest @params - } - - } + # If ConnectorGroupId has been specified, assign the connector group to the app, otherwise the default connector group will be assigned. + if ($ConnectorGroupId) { + $bodyJson = @{ + "@odata.id" = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/$ConnectorGroupId" + } | ConvertTo-Json -Depth 99 -Compress + + $params = @{ + Method = 'PUT' + Uri = "https://graph.microsoft.com/beta/applications/$newAppId/connectorGroup/`$ref" + Body = $bodyJson + } + + Invoke-GraphRequest @params + } + } } From 890d7ec1b0439dd2c5d600115bc6e82e994e34df Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 14:46:02 +0300 Subject: [PATCH 49/51] Updating date --- .../Enable-EntraBetaGlobalSecureAccessTenant.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Enable-EntraBetaGlobalSecureAccessTenant.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Enable-EntraBetaGlobalSecureAccessTenant.md index aa5a1463d..af4355ac3 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Enable-EntraBetaGlobalSecureAccessTenant.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Enable-EntraBetaGlobalSecureAccessTenant.md @@ -3,7 +3,7 @@ title: Enable-EntraBetaGlobalSecureAccessTenant description: This article provides details on the Enable-EntraBetaGlobalSecureAccessTenant command. ms.topic: reference -ms.date: 10/19/2024 +ms.date: 10/31/2024 ms.author: eunicewaweru ms.reviewer: stevemutungi manager: CelesteDG From f19d35803e8786d2292063ef686357a8dc7479f9 Mon Sep 17 00:00:00 2001 From: Kennedy Kangethe Munga Date: Thu, 31 Oct 2024 15:29:51 +0300 Subject: [PATCH 50/51] Formatting changes --- ...able-EntraBetaGlobalSecureAccessTenant.ps1 | 1 + ...ntraBetaGlobalSecureAccessTenantStatus.ps1 | 1 + .../Get-EntraBetaPrivateAccessApplication.ps1 | 56 ++++++++++--------- ...traBetaPrivateAccessApplicationSegment.ps1 | 1 + .../New-EntraBetaPrivateAccessApplication.ps1 | 1 + 5 files changed, 34 insertions(+), 26 deletions(-) diff --git a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 index 5707183ed..259f037af 100644 --- a/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Enable-EntraBetaGlobalSecureAccessTenant.ps1 @@ -2,6 +2,7 @@ # Copyright (c) Microsoft Corporation. All Rights Reserved. # Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ + function Enable-EntraBetaGlobalSecureAccessTenant { PROCESS { $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 index 6e6434cb3..65b0ef34e 100644 --- a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaGlobalSecureAccessTenantStatus.ps1 @@ -2,6 +2,7 @@ # Copyright (c) Microsoft Corporation. All Rights Reserved. # Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ + function Get-EntraBetaGlobalSecureAccessTenantStatus { PROCESS { $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 index 269139158..f9613431a 100644 --- a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 @@ -2,35 +2,39 @@ # Copyright (c) Microsoft Corporation. All Rights Reserved. # Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ -[CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')] -param ( - [Alias("ObjectId")] - [Parameter(Mandatory = $True, Position = 1, ParameterSetName = 'SingleAppID')] - [string] - $ApplicationId, + +function Get-EntraBetaPrivateAccessApplicationSegment { - [Parameter(Mandatory = $False, ParameterSetName = 'SingleAppName')] - [string] - $ApplicationName -) + [CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')] + param ( + [Alias("ObjectId")] + [Parameter(Mandatory = $True, Position = 1, ParameterSetName = 'SingleAppID')] + [string] + $ApplicationId, + + [Parameter(Mandatory = $False, ParameterSetName = 'SingleAppName')] + [string] + $ApplicationName + ) -PROCESS { - $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand + PROCESS { + $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand - switch ($PSCmdlet.ParameterSetName) { - "AllPrivateAccessApps" { - $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri 'https://graph.microsoft.com/beta/applications?$count=true&$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&$filter=tags/Any(x: x eq ''PrivateAccessNonWebApplication'') or tags/Any(x: x eq ''NetworkAccessManagedApplication'') or tags/Any(x: x eq ''NetworkAccessQuickAccessApplication'')' - $response.value - break - } - "SingleAppID" { - Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ApplicationId/?`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames" - break - } - "SingleAppName" { - $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications?`$count=true&`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&`$filter=DisplayName eq '$ApplicationName'" - $response.value - break + switch ($PSCmdlet.ParameterSetName) { + "AllPrivateAccessApps" { + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri 'https://graph.microsoft.com/beta/applications?$count=true&$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&$filter=tags/Any(x: x eq ''PrivateAccessNonWebApplication'') or tags/Any(x: x eq ''NetworkAccessManagedApplication'') or tags/Any(x: x eq ''NetworkAccessQuickAccessApplication'')' + $response.value + break + } + "SingleAppID" { + Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ApplicationId/?`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames" + break + } + "SingleAppName" { + $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications?`$count=true&`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&`$filter=DisplayName eq '$ApplicationName'" + $response.value + break + } } } } diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 index 99b6c9c7f..f498c2ce5 100644 --- a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplicationSegment.ps1 @@ -1,6 +1,7 @@ # ------------------------------------------------------------------------------ # Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ + function Get-EntraBetaPrivateAccessApplicationSegment { [CmdletBinding(DefaultParameterSetName = 'AllApplicationSegments')] diff --git a/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 index 38786b0d9..f20565962 100644 --- a/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 +++ b/module/EntraBeta/AdditionalFunctions/New-EntraBetaPrivateAccessApplication.ps1 @@ -2,6 +2,7 @@ # Copyright (c) Microsoft Corporation. All Rights Reserved. # Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ + function New-EntraBetaPrivateAccessApplication { [CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')] From 7f8fd92d12377f26d666c9d48621c9a073bfd9f1 Mon Sep 17 00:00:00 2001 From: Kennedy Kangethe Munga Date: Thu, 31 Oct 2024 16:02:15 +0300 Subject: [PATCH 51/51] Update name --- .../Get-EntraBetaPrivateAccessApplication.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 index f9613431a..123048e46 100644 --- a/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 +++ b/module/EntraBeta/AdditionalFunctions/Get-EntraBetaPrivateAccessApplication.ps1 @@ -3,7 +3,7 @@ # Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ -function Get-EntraBetaPrivateAccessApplicationSegment { +function Get-EntraBetaPrivateAccessApplication { [CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')] param (