
Commit f734c3a

app approval
1 parent d7c97b6 commit f734c3a

1 file changed

+45
-30
lines changed

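--- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1
+++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1
@@ -12,41 +12,56 @@ function Get-CIPPAlertNewAppApproval {
 $TenantFilter,
 $Headers
 )
-try {
-$Approvals = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests?`$filter=userConsentRequests/any (u:u/status eq 'InProgress')" -tenantid $TenantFilter
-if ($Approvals.count -gt 0) {
-$TenantGUID = (Get-Tenants -TenantFilter $TenantFilter -SkipDomains).customerId
-$AlertData = [System.Collections.Generic.List[PSCustomObject]]::new()
-foreach ($App in $Approvals) {
-$userConsentRequests = New-GraphGetRequest -Uri "https://graph.microsoft.com/v1.0/identityGovernance/appConsent/appConsentRequests/$($App.id)/userConsentRequests" -tenantid $TenantFilter
-$userConsentRequests | ForEach-Object {
-$consentUrl = if ($App.consentType -eq 'Static') {
-# if something is going wrong here you've probably stumbled on a fourth variation - rvdwegen
-"https://login.microsoftonline.com/$($TenantFilter)/adminConsent?client_id=$($App.appId)&bf_id=$($App.id)&redirect_uri=https://entra.microsoft.com/TokenAuthorize"
-} elseif ($App.pendingScopes.displayName) {
-"https://login.microsoftonline.com/$($TenantFilter)/v2.0/adminConsent?client_id=$($App.appId)&scope=$($App.pendingScopes.displayName -Join(' '))&bf_id=$($App.id)&redirect_uri=https://entra.microsoft.com/TokenAuthorize"
-} else {
-"https://login.microsoftonline.com/$($TenantFilter)/adminConsent?client_id=$($App.appId)&bf_id=$($App.id)&redirect_uri=https://entra.microsoft.com/TokenAuthorize"
+
+Measure-CippTask -TaskName 'NewAppApprovalAlert' -EventName 'CIPP.AlertProfile' -Script {
+try {
+$Approvals = Measure-CippTask -TaskName 'GetAppConsentRequests' -EventName 'CIPP.AlertProfile' -Script {
+New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests?`$filter=userConsentRequests/any (u:u/status eq 'InProgress')" -tenantid $TenantFilter
+}
+
+if ($Approvals.count -gt 0) {
+Measure-CippTask -TaskName 'ProcessApprovals' -EventName 'CIPP.AlertProfile' -Script {
+$TenantGUID = (Get-Tenants -TenantFilter $TenantFilter -SkipDomains).customerId
+$AlertData = [System.Collections.Generic.List[PSCustomObject]]::new()
+
+foreach ($App in $Approvals) {
+$userConsentRequests = Measure-CippTask -TaskName 'GetUserConsentRequests' -EventName 'CIPP.AlertProfile' -Script {
+New-GraphGetRequest -Uri "https://graph.microsoft.com/v1.0/identityGovernance/appConsent/appConsentRequests/$($App.id)/userConsentRequests" -tenantid $TenantFilter
+}
+
+$userConsentRequests | ForEach-Object {
+$consentUrl = if ($App.consentType -eq 'Static') {
+# if something is going wrong here you've probably stumbled on a fourth variation - rvdwegen
+"https://login.microsoftonline.com/$($TenantFilter)/adminConsent?client_id=$($App.appId)&bf_id=$($App.id)&redirect_uri=https://entra.microsoft.com/TokenAuthorize"
+} elseif ($App.pendingScopes.displayName) {
+"https://login.microsoftonline.com/$($TenantFilter)/v2.0/adminConsent?client_id=$($App.appId)&scope=$($App.pendingScopes.displayName -Join(' '))&bf_id=$($App.id)&redirect_uri=https://entra.microsoft.com/TokenAuthorize"
+} else {
+"https://login.microsoftonline.com/$($TenantFilter)/adminConsent?client_id=$($App.appId)&bf_id=$($App.id)&redirect_uri=https://entra.microsoft.com/TokenAuthorize"
+}
+
+$Message = [PSCustomObject]@{
+RequestId = $_.id
+AppName = $App.appDisplayName
+RequestUser = $_.createdBy.user.userPrincipalName
+Reason = $_.reason
+RequestDate = $_.createdDateTime
+Status = $_.status # Will allways be InProgress as we filter to only get these but this will reduce confusion when an alert is generated
+AppId = $App.appId
+Scopes = ($App.pendingScopes.displayName -join ', ')
+ConsentURL = $consentUrl
+Tenant = $TenantFilter
+TenantId = $TenantGUID
+}
+$AlertData.Add($Message)
+}
 }
 
-$Message = [PSCustomObject]@{
-RequestId = $_.id
-AppName = $App.appDisplayName
-RequestUser = $_.createdBy.user.userPrincipalName
-Reason = $_.reason
-RequestDate = $_.createdDateTime
-Status = $_.status # Will allways be InProgress as we filter to only get these but this will reduce confusion when an alert is generated
-AppId = $App.appId
-Scopes = ($App.pendingScopes.displayName -join ', ')
-ConsentURL = $consentUrl
-Tenant = $TenantFilter
-TenantId = $TenantGUID
+Measure-CippTask -TaskName 'WriteAlertTrace' -EventName 'CIPP.AlertProfile' -Script {
+Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
 }
-$AlertData.Add($Message)
 }
 }
-Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
+} catch {
 }
-} catch {
 }
 }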
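Review bot: `Write-AlertTrace -cmdletName $MyInvocation.MyCommand` (new line 60) now runs inside script blocks handed to `Measure-CippTask`, and `$MyInvocation` is populated per script block, so the value likely no longer resolves to `Get-CIPPAlertNewAppApproval` but to the invoked block itself; `Measure-CippTask` is not shown on this page, so confirm how it invokes `-Script`. If the alert trace is keyed on that name, pending app-consent requests could be recorded under the wrong key or fail to write, and the empty `catch { }` at new lines 64-65 would hide any resulting error. Capture the name before the first wrapper with `$CmdletName = $MyInvocation.MyCommand` and pass `-cmdletName $CmdletName`; the catch should also log the failure rather than stay empty, since a silent failure here means a consent request goes unalerted. The function's param block begins above the hunk.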
