Update authentication objects and functions

Author: silverhack

core/api/auth/aipservice/Connect-MonkeyAIPService.ps1

@@ -0,0 +1,94 @@
+# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+Function Connect-MonkeyAIPService{
+    <#
+        .SYNOPSIS
+        Function to connect to Azure Information Protection
+
+        .DESCRIPTION
+        Function to connect to Azure Information Protection
+
+        .INPUTS
+
+        .OUTPUTS
+
+        .EXAMPLE
+
+        .NOTES
+	        Author		: Juan Garrido
+            Twitter		: @tr1ana
+            File Name	: Connect-MonkeyAIPService
+            Version     : 1.0
+
+        .LINK
+            https://github.com/silverhack/monkey365
+    #>
+    [CmdletBinding()]
+    Param ()
+    Process{
+        Try{
+            If($null -eq $O365Object.auth_tokens.AADRM){
+                $msg = @{
+                    MessageData = ($message.TokenRequestInfoMessage -f "Microsoft Azure Information Protection")
+                    callStack = (Get-PSCallStack | Select-Object -First 1);
+                    logLevel = 'info';
+                    InformationAction = $O365Object.InformationAction;
+                    Tags = @('AIPTokenRequestInfoMessage');
+                }
+                Write-Information @msg
+                #Set RedirectUri
+                If($O365Object.cloudEnvironment -eq [Microsoft.Identity.Client.AzureCloudInstance]::AzureUsGovernment){
+                    $redirectUri = "https://aadrm.us/adminpowershell"
+                }
+                Else{
+                    $redirectUri = "https://aadrm.com/adminpowershell"
+                }
+                #Connect to Azure Information Protection
+                $p = @{
+                    Resource = $O365Object.Environment.AADRM;
+                    AzureService = "AzurePowershell";
+                    RedirectUri = $redirectUri;
+                    InformationAction = $O365Object.InformationAction;
+                    Verbose = $O365Object.verbose;
+                    Debug = $O365Object.debug;
+                }
+                $O365Object.auth_tokens.AADRM = Connect-MonkeyGenericApplication @p
+                If($null -ne $O365Object.auth_tokens.AADRM){
+                    #Get Service locator url
+                    $service_locator = Get-AADRMServiceLocatorUrl
+                    If($null -ne $service_locator){
+                        #set internal object
+                        If($O365Object.Environment.ContainsKey('aadrm_service_locator')){
+                            $O365Object.Environment.aadrm_service_locator = $service_locator;
+                        }
+                        Else{
+                            $O365Object.Environment.Add('aadrm_service_locator',$service_locator)
+                        }
+                        $O365Object.onlineServices.Item($service) = $true
+                    }
+                }
+            }
+        }
+        Catch{
+            $msg = @{
+                Message = $_;
+                callStack = (Get-PSCallStack | Select-Object -First 1);
+                logLevel = 'error';
+                Tags = @('AIPAuthenticationError');
+            }
+            Write-Error @msg
+        }
+    }
+}

core/api/auth/azure/Connect-MonkeyAzure.ps1

@@ -118,5 +118,4 @@ Function Connect-MonkeyAzure{
             }
         }
     }
-}
-
+}

core/api/auth/generic/Connect-MonkeyGenericApplication.ps1

@@ -75,6 +75,15 @@ Function Connect-MonkeyGenericApplication {
                 foreach ($param in $O365Object.application_args.GetEnumerator()){
                     $client_app.add($param.Key, $param.Value)
                 }
+                #Add RedirectURI
+                If($PSBoundParameters.ContainsKey('RedirectUri') -and $PSBoundParameters['RedirectUri']){
+                    If($client_app.ContainsKey('RedirectUri')){
+                        $client_app.RedirectUri = $PSBoundParameters['RedirectUri']
+                    }
+                    Else{
+                        $client_app.add('RedirectUri', $PSBoundParameters['RedirectUri'])
+                    }
+                }
                 #Get ClientId from Microsoft Graph
                 $clientId = Get-WellKnownAzureService -AzureService $AzureService
                 if($clientId){

core/api/auth/intune/Connect-MonkeyIntune.ps1

@@ -60,6 +60,9 @@ Function Connect-MonkeyM365{
                     $moduleFile = Get-PSExoModuleFile @p
                     If($moduleFile){
                         $O365Object.onlineServices.Item($service) = $true
+                        #Connect AIPService
+                        Connect-MonkeyAIPService
+                        Start-Sleep -Milliseconds 100
                     }
                     Else{
                         $msg = @{
@@ -102,6 +105,9 @@ Function Connect-MonkeyM365{
                         $moduleFile = Get-PSExoModuleFile @p
                         If($moduleFile){
                             $O365Object.onlineServices.Item($service) = $true
+                            #Connect AIPService
+                            Connect-MonkeyAIPService
+                            Start-Sleep -Milliseconds 100
                         }
                         Else{
                             $msg = @{
@@ -263,6 +269,9 @@ Function Connect-MonkeyM365{
                     #Check If connected to SharePoint
                     If($O365Object.isSharePointAdministrator -or $null -ne $O365Object.spoSites){
                         $O365Object.onlineServices.Item($service) = $true
+                        #Connect AIPService
+                        Connect-MonkeyAIPService
+                        Start-Sleep -Milliseconds 100
                     }
                 }
             }
@@ -502,29 +511,6 @@ Function Connect-MonkeyM365{
                     }
                 }
             }
-            #Connect to Microsoft Intune
-            'intune'{
-                $msg = @{
-                    MessageData = ($message.TokenRequestInfoMessage -f "Microsoft Intune")
-                    callStack = (Get-PSCallStack | Select-Object -First 1);
-                    logLevel = 'info';
-                    InformationAction = $O365Object.InformationAction;
-                    Tags = @('TokenRequestInfoMessage');
-                }
-                Write-Information @msg
-                $p = @{
-                    Resource = $O365Object.Environment.Graphv2;
-                    AzureService = "Intune";
-                    InformationAction = $O365Object.InformationAction;
-                    Verbose = $O365Object.verbose;
-                    Debug = $O365Object.debug;
-                }
-                $O365Object.auth_tokens.Intune = Connect-MonkeyGenericApplication @p
-                #$O365Object.auth_tokens.Intune = Connect-MonkeyIntune
-                If($null -ne $O365Object.auth_tokens.Intune){
-                    $O365Object.onlineServices.Item($service) = $true
-                }
-            }
         }
     }
 }