Merge pull request #90 from kylemar/main

Address issues in Invoke-MsIdAgentIdInteractive

Author: merill

src/agentid/Add-MsIdClientSecretToAgentIdentityBlueprint.ps1

@@ -61,7 +61,7 @@ function Add-MsIdClientSecretToAgentIdentityBlueprint {
 
         # Store the secret in module-level variables for use by other functions
         $script:CurrentAgentBlueprintSecret = $secretResult
-        $script:LastClientSecret = $secretResult.SecretText
+        $script:LastClientSecret = ConvertTo-SecureString $secretResult.SecretText -AsPlainText -Force
 
         return $secretResult
     }

src/agentid/Connect-MsIdEntraAsUser.ps1

@@ -36,7 +36,7 @@ function Connect-MsIdEntraAsUser {
         }
 
         Write-Host "Connecting to Microsoft Graph as user..." -ForegroundColor Yellow
-        connect-mggraph -contextscope process -scopes $Scopes
+        connect-mggraph -contextscope process -scopes $Scopes -NoWelcome
 
         # Get the tenant ID and current user
         $context = Get-MgContext

src/agentid/ConnectAsAgentIdentityBlueprint.ps1

@@ -42,8 +42,7 @@ function ConnectAsAgentIdentityBlueprint {
         Write-Host "Connecting to Microsoft Graph using Agent Identity Blueprint credentials..." -ForegroundColor Yellow
 
         # Convert the stored client secret to a secure credential
-        $SecureClientSecret = ConvertTo-SecureString $script:LastClientSecret -AsPlainText -Force
-        $ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $script:CurrentAgentBlueprintId, $SecureClientSecret
+        $ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $script:CurrentAgentBlueprintId, $script:LastClientSecret
 
         # Connect to Microsoft Graph using the blueprint's credentials
         connect-mggraph -tenantId $script:CurrentTenantId -ClientSecretCredential $ClientSecretCredential -ContextScope Process -NoWelcome

src/agentid/EnsureRequiredModules.ps1

@@ -12,14 +12,14 @@ function EnsureRequiredModules {
     $requiredModules = @(
         'Microsoft.Graph.Authentication',
         'Microsoft.Graph.Applications',
-        'Microsoft.Graph.Identity.SignIns'
+        'Microsoft.Graph.Identity.SignIns',
+        'Microsoft.Graph.Users',
+        'Microsoft.Graph.Identity.DirectoryManagement'
     )
 
     foreach ($module in $requiredModules) {
-        Write-Host "Checking module: $module" -ForegroundColor Yellow
-
         if (!(Get-Module -ListAvailable -Name $module)) {
-            Write-Host "Module $module not found. Installing..." -ForegroundColor Red
+            Write-Host "Module $module not found. Installing..." -ForegroundColor Yellow
             try {
                 Install-Module -Name $module -Scope CurrentUser -Force -AllowClobber
                 Write-Host "Successfully installed $module" -ForegroundColor Green
@@ -29,15 +29,11 @@ function EnsureRequiredModules {
                 return $false
             }
         }
-        else {
-            Write-Host "Module $module is already installed" -ForegroundColor Green
-        }
 
         # Import the module if not already imported
         if (!(Get-Module -Name $module)) {
             try {
                 Import-Module -Name $module -Force
-                Write-Host "Successfully imported $module" -ForegroundColor Green
             }
             catch {
                 Write-Error "Failed to import module $module`: $_"

src/agentid/Invoke-MsIdAgentIdInteractive.ps1

@@ -23,6 +23,13 @@ function Invoke-MsIdAgentIdInteractive {
     $october1_2025 = [DateTime]::new(2025, 10, 1, 0, 0, 0)
     $blueprintNumber = [int]((Get-Date) - $october1_2025).TotalSeconds
 
+    Write-Host "Connecting to Microsoft Graph with all the permissions needed to create and manage" -ForegroundColor Yellow
+    Write-Host "Agent Identity Blueprints and Agent Users" -ForegroundColor Yellow
+
+    # Ensure required modules are available and connect as admin
+    Connect-MsIdEntraAsUser -Scopes @('AgentIdentityBlueprint.Create', 'AgentIdentityBlueprintPrincipal.Create', 'AppRoleAssignment.ReadWrite.All', 'Application.ReadWrite.All', 'User.ReadWrite.All')
+
+
     $bluePrintDisplayName = Read-Host "Enter a display name for the Agent Identity Blueprint (or press Enter for default)"
     if (-not $bluePrintDisplayName -or $bluePrintDisplayName.Trim() -eq "") {
         $bluePrintDisplayName = "Agent Identity Blueprint Example $blueprintNumber"
@@ -32,24 +39,47 @@ function Invoke-MsIdAgentIdInteractive {
     # Get current user as sponsor
     try {
         $currentUserUpn = (Get-MgContext).Account
-        $currentUserId = (Get-MgUser -UserId $currentUserUpn).Id
+        # Get user's OID directly using their UPN
+        $currentUser = Get-MgUser -Filter "userPrincipalName eq '$currentUserUpn'" -Property Id
+        $currentUserId = $currentUser.Id
     }
     catch {
         $currentUserUpn = $null
         $currentUserId = $null
     }
+
     if ($currentUserUpn) {
         $useCurrentUserId = Read-Host "Use current user ($currentUserUpn) as sponsor? (y/n)"
         if ($null -eq $useCurrentUserId -or $useCurrentUserId -eq "y") {
             Write-Host "Using current user as default sponsor: $currentUserUpn" -ForegroundColor Gray
             $SponsorUserIds = @($currentUserId)
+            $useSponsor = $true
+        } else {
+            $useSponsor = $false
         }
+    } else {
+        $useSponsor = $false
     }
 
     # Step 1: Create Agent Identity Blueprint with all parameters (no prompting)
-    $blueprint1 = New-MsIdAgentIdentityBlueprint -DisplayName $bluePrintDisplayName -SponsorUserIds $SponsorUserIds
+    try {
+        if ($useSponsor) {
+            $blueprint1 = New-MsIdAgentIdentityBlueprint -DisplayName $bluePrintDisplayName -SponsorUserIds $SponsorUserIds
+        } else {
+            $blueprint1 = New-MsIdAgentIdentityBlueprint -DisplayName $bluePrintDisplayName
+        }
 
-    Write-Host "Created Blueprint ID: $($blueprint1.AgentBlueprintId)" -ForegroundColor Green
+        if ($blueprint1) {
+            Write-Host "Created Blueprint ID: $blueprint1" -ForegroundColor Green
+        } else {
+            Write-Error "Failed to create Agent Identity Blueprint - no ID returned"
+            return
+        }
+    }
+    catch {
+        Write-Error "Failed to create Agent Identity Blueprint: $_"
+        return
+    }
     Write-Host ""
 
     # ===================================================================
@@ -112,7 +142,7 @@ function Invoke-MsIdAgentIdInteractive {
 
         # Step 4: Configure inheritable permissions (what permissions agent users will get)
         $inheritablePerms = Add-MsIdInheritablePermissionsToAgentIdentityBlueprint -Scopes @("user.read", "mail.read", "calendars.read")
-        Write-Host "Configured inheritable permissions: $($inheritablePerms.Scopes -join ', ')" -ForegroundColor Cyan
+        Write-Host "Configured inheritable permissions: $($inheritablePerms.InheritableScopes -join ', ')" -ForegroundColor Cyan
     }
     else {
         Write-Host "Skipping inheritable permissions configuration." -ForegroundColor Gray
@@ -156,7 +186,7 @@ function Invoke-MsIdAgentIdInteractive {
 
     # Step 6: Create the service principal for the blueprint
     $principal1 = New-MsIdAgentIdentityBlueprintPrincipal
-    Write-Host "Created Service Principal ID: $($principal1.ServicePrincipalId)" -ForegroundColor Green
+    Write-Host "Created Service Principal ID: $($principal1.id)" -ForegroundColor Green
 
     # Step 7: Grant permission to create agent users (only if user chose to have Agent ID users)
     if ($hasAgentIDUsers) {
@@ -322,15 +352,11 @@ function Invoke-MsIdAgentIdInteractive {
     else {
         Write-Host "- 9-10. Agent Identity and User creation (not completed)" -ForegroundColor Gray
     }
-    Write-Host ""
-
-    Write-Host "Available functions:" -ForegroundColor Yellow
-    Get-Command -Module MSIdentityTools | Where-Object { $_.Name -like "*Agent*" } | Format-Table Name, CommandType -AutoSize
 
     Write-Host ""
     Write-Host "Module state:" -ForegroundColor Yellow
-    Write-Host "Current Blueprint ID: $($blueprint1.AgentBlueprintId)" -ForegroundColor White
-    Write-Host "Current Service Principal ID: $($principal1.ServicePrincipalId)" -ForegroundColor White
+    Write-Host "Current Blueprint ID: $blueprint1" -ForegroundColor White
+    Write-Host "Current Service Principal ID: $($principal1.id)" -ForegroundColor White
     Write-Host "Total Agent Identities created: $($allAgentIdentities.Count)" -ForegroundColor White
     Write-Host "Total Agent Users created: $($allAgentUsers.Count)" -ForegroundColor White
     Write-Host "Last Agent Identity ID: $(if ($agentIdentity) { $agentIdentity.id } else { 'None created' })" -ForegroundColor White

src/agentid/New-MsIdAgentIdentityBlueprint.ps1

@@ -98,6 +98,10 @@ function New-MsIdAgentIdentityBlueprint {
     try {
         $BlueprintRes = Invoke-MgGraphRequest -Method Post -Uri "https://graph.microsoft.com/beta/applications/graph.agentIdentityBlueprint" -Body $JsonBody
 
+        # Display the full response from the Graph API call
+        Write-Host "Graph API Response:" -ForegroundColor Cyan
+        $BlueprintRes | ConvertTo-Json -Depth 5 | Write-Host -ForegroundColor Gray
+
         # Extract and store the blueprint ID
         $AgentBlueprintId = $BlueprintRes.id
         Write-Host "Successfully created Agent Identity Blueprint" -ForegroundColor Green
@@ -106,10 +110,8 @@ function New-MsIdAgentIdentityBlueprint {
         # Store the ID in module-level variable for use by other functions
         $script:CurrentAgentBlueprintId = $AgentBlueprintId
 
-        # Add the ID to the response object for easy access
-        $BlueprintRes | Add-Member -MemberType NoteProperty -Name "AgentBlueprintId" -Value $AgentBlueprintId -Force
-
-        return $BlueprintRes
+        # Return only the AgentBlueprintId instead of the full response
+        return $AgentBlueprintId
     }
     catch {
         Write-Error "Failed to create Agent Identity Blueprint: $_"