microsoftgraph · KenitoInc · Oct 31, 2024 · Jul 17, 2024 · Jul 18, 2024 · Jul 18, 2024
@@ -0,0 +1,12 @@
+# ------------------------------------------------------------------------------
+#  Copyright (c) Microsoft Corporation.  All Rights Reserved.
+#  Licensed under the MIT License.  See License in the project root for license information.
+# ------------------------------------------------------------------------------
+
+function Enable-EntraBetaGlobalSecureAccessTenant {
+    PROCESS {
+        $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand
+        $response = Invoke-GraphRequest -Method POST -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/microsoft.graph.networkaccess.onboard"
+        $response
+    }
+}
@@ -0,0 +1,12 @@
+# ------------------------------------------------------------------------------
+#  Copyright (c) Microsoft Corporation.  All Rights Reserved.
+#  Licensed under the MIT License.  See License in the project root for license information.
+# ------------------------------------------------------------------------------
+
+function Get-EntraBetaGlobalSecureAccessTenantStatus {
+	PROCESS {
+		$customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand
+		$response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/networkAccess/tenantStatus"
+		$response
+	}
+}
@@ -0,0 +1,40 @@
+# ------------------------------------------------------------------------------
+#  Copyright (c) Microsoft Corporation.  All Rights Reserved.
+#  Licensed under the MIT License.  See License in the project root for license information.
+# ------------------------------------------------------------------------------
+
+function Get-EntraBetaPrivateAccessApplication {
+
+    [CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')]
+    param (
+        [Alias("ObjectId")]
+        [Parameter(Mandatory = $True, Position = 1, ParameterSetName = 'SingleAppID')]
+        [string]
+        $ApplicationId,
+
+        [Parameter(Mandatory = $False, ParameterSetName = 'SingleAppName')]
+        [string]
+        $ApplicationName
+    )
+
+    PROCESS {
+        $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand
+
+        switch ($PSCmdlet.ParameterSetName) {
+            "AllPrivateAccessApps" {
+                $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri 'https://graph.microsoft.com/beta/applications?$count=true&$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&$filter=tags/Any(x: x eq ''PrivateAccessNonWebApplication'') or tags/Any(x: x eq ''NetworkAccessManagedApplication'') or tags/Any(x: x eq ''NetworkAccessQuickAccessApplication'')'
+                $response.value
+                break
+            }
+            "SingleAppID" {
+                Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications/$ApplicationId/?`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames"
+                break
+            }
+            "SingleAppName" {
+                $response = Invoke-GraphRequest -Method GET -Headers $customHeaders -OutputType PSObject -Uri "https://graph.microsoft.com/beta/applications?`$count=true&`$select=displayName,appId,id,tags,createdDateTime,servicePrincipalType,createdDateTime,servicePrincipalNames&`$filter=DisplayName eq '$ApplicationName'"
+                $response.value
+                break
+            }
+        }
+    }
+}
@@ -1,6 +1,7 @@
 # ------------------------------------------------------------------------------
 #  Copyright (c) Microsoft Corporation.  All Rights Reserved.  Licensed under the MIT License.  See License in the project root for license information.
 # ------------------------------------------------------------------------------
+
 function Get-EntraBetaPrivateAccessApplicationSegment {
 
 	[CmdletBinding(DefaultParameterSetName = 'AllApplicationSegments')]

@@ -0,0 +1,66 @@
+# ------------------------------------------------------------------------------
+#  Copyright (c) Microsoft Corporation.  All Rights Reserved.
+#  Licensed under the MIT License.  See License in the project root for license information.
+# ------------------------------------------------------------------------------
+
+function New-EntraBetaPrivateAccessApplication {
+
+    [CmdletBinding(DefaultParameterSetName = 'AllPrivateAccessApps')]
+    param (
+        [Parameter(Mandatory = $True, Position = 1)]
+        [string]
+        $ApplicationName,
+
+        [Parameter(Mandatory = $False, Position = 2)]
+        [string]
+        $ConnectorGroupId
+    )
+
+    PROCESS {
+        $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand
+
+        $bodyJson = @{ displayName = $ApplicationName } | ConvertTo-Json -Depth 99 -Compress
+
+        # Instantiate the Private Access app
+        try {
+            $newApp = Invoke-GraphRequest -Method POST -Headers $customHeaders -Uri 'https://graph.microsoft.com/beta/applicationTemplates/8adf8e6e-67b2-4cf2-a259-e3dc5476c621/instantiate' -Body $bodyJson
+        }
+        catch {
+            Write-Error "Failed to create the Private Access app. Error: $_"
+            return
+        }
+
+        $bodyJson = @{
+            "onPremisesPublishing" = @{
+                "applicationType" = "nonwebapp"
+                "isAccessibleViaZTNAClient" = $true
+            }
+        } | ConvertTo-Json -Depth 99 -Compress
+
+        $newAppId = $newApp.application.objectId
+
+        # Set the Private Access app to be accessible via the ZTNA client
+        $params = @{
+            Method = 'PATCH'
+            Uri = "https://graph.microsoft.com/beta/applications/$newAppId/"
+            Body = $bodyJson
+        }
+
+        Invoke-GraphRequest @params
+
+        # If ConnectorGroupId has been specified, assign the connector group to the app, otherwise the default connector group will be assigned.
+        if ($ConnectorGroupId) {
+            $bodyJson = @{
+                "@odata.id" = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/$ConnectorGroupId"
+            } | ConvertTo-Json -Depth 99 -Compress
+
+            $params = @{
+                Method = 'PUT'
+                Uri = "https://graph.microsoft.com/beta/applications/$newAppId/connectorGroup/`$ref"
+                Body = $bodyJson
+            }
+
+            Invoke-GraphRequest @params
+        }
+    }
+}
@@ -0,0 +1,67 @@
+---
+title: Enable-EntraBetaGlobalSecureAccessTenant
+description: This article provides details on the Enable-EntraBetaGlobalSecureAccessTenant command.
+
+ms.topic: reference
+ms.date: 10/31/2024
+ms.author: eunicewaweru
+ms.reviewer: stevemutungi
+manager: CelesteDG
+author: andres-canello
+external help file: Microsoft.Graph.Entra.Beta-Help.xml
+Module Name: Microsoft.Graph.Entra.Beta
+online version:
+schema: 2.0.0
+---
+
+# Enable-EntraBetaGlobalSecureAccessTenant
+
+## Synopsis
+
+Onboard the Global Secure Access service in the tenant.
+
+## Description
+
+The `Enable-EntraBetaGlobalSecureAccessTenant` cmdlet onboards the Global Secure Access service in the tenant.
+
+In delegated scenarios with work or school accounts, the signed-in user needs a supported Microsoft Entra role or a custom role with the necessary permissions:
+
+- Global Secure Access Administrator
+- Security Administrator
+
+## Examples
+
+### Example 1: Enable Global Secure Access for a tenant
+
+```powershell
+Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All'
+Enable-EntraBetaGlobalSecureAccessTenant
+```
+
+```Output
+@odata.context         : https://graph.microsoft.com/beta/$metadata#networkAccess/tenantStatus/$entity
+onboardingStatus       : onboarded
+onboardingErrorMessage :
+```
+
+This command onboards the Global Secure Access service in the tenant.
+
+### CommonParameters
+
+This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+
+## Inputs
+
+### System.String
+
+System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\]
+
+## Outputs
+
+### System.Object
+
+## Notes
+
+## RELATED LINKS
+
+[Get-EntraBetaGlobalSecureAccessTenantStatus](Get-EntraBetaGlobalSecureAccessTenantStatus.md)
@@ -0,0 +1,78 @@
+---
+title: Get-EntraBetaGlobalSecureAccessTenantStatus
+description: This article provides details on the Get-EntraBetaGlobalSecureAccessTenantStatus command.
+
+ms.topic: reference
+ms.date: 10/19/2024
+ms.author: eunicewaweru
+ms.reviewer: stevemutungi
+manager: CelesteDG
+author: andres-canello
+external help file: Microsoft.Graph.Entra.Beta-Help.xml
+Module Name: Microsoft.Graph.Entra.Beta
+online version:
+schema: 2.0.0
+---
+
+# Get-EntraBetaGlobalSecureAccessTenantStatus
+
+## Synopsis
+
+Retrieves the onboarding status of the Global Secure Access service in the tenant.
+
+## Description
+
+The `Get-EntraBetaGlobalSecureAccessTenantStatus` cmdlet retrieves the onboarding status of the Global Secure Access service in the tenant.
+
+For delegated scenarios involving work or school accounts, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The following least-privileged roles are supported for this operation:
+
+- Global Reader
+- Global Secure Access Administrator
+- Security Administrator
+
+## Examples
+
+### Example 1: Check Global Secure Access status for the tenant
+
+```powershell
+Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All'
+Get-EntraBetaGlobalSecureAccessTenantStatus
+```
+
+```Output
+@odata.context                                                                onboardingStatus onboardingErrorMessage
+--------------                                                                ---------------- ----------------------
+https://graph.microsoft.com/beta/$metadata#networkAccess/tenantStatus/$entity offboarded
+```
+
+This command checks if the Global Secure Access service is activated in the tenant.
+
+If the status is `offboarded`, you can activate the service with `New-EntraBetaGlobalSecureAccessTenant`.
+
+The onboarding status can be: `offboarded`, `offboarding in progress`, `onboarding in progress`, `onboarded`, `onboarding error`, or `offboarding error`.
+
+### CommonParameters
+
+This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+
+## Inputs
+
+### System.String
+
+System.Nullable\`1\[\[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\] System.Nullable\`1\[\[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\]\]
+
+## Outputs
+
+### System.Object
+
+## Notes
+
+## RELATED LINKS
+
+[Get-EntraBetaApplication](Get-EntraBetaApplication.md)
+
+[Get-EntraBetaPrivateAccessApplicationSegment](Get-EntraBetaPrivateAccessApplicationSegment.md)
+
+[Remove-EntraBetaPrivateAccessApplicationSegment](Remove-EntraBetaPrivateAccessApplicationSegment.md)
+
+[New-EntraBetaPrivateAccessApplicationSegment](New-EntraBetaPrivateAccessApplicationSegment.md)