Fixed macos loading issues and warning

Author: merill

src/powershell/Initialize-Dependencies.ps1

@@ -131,10 +131,11 @@ function Initialize-Dependencies {
         Write-Host -Object "`r`n" -ForegroundColor Yellow
         Write-Host -Object '⚠️ Warning: The ZeroTrustAssessment module is designed to run on Windows, in PowerShell 7.'
         Write-Host -Object 'Some pillars require modules that can only run on Windows PowerShell (Windows PowerShell 5.1) with implicit remoting.' -ForegroundColor Yellow
-        # skipping module installation.
+        Write-Host -Object 'The following Windows-only modules will not be available: AipService, Microsoft.Online.SharePoint.PowerShell' -ForegroundColor Yellow
         #endregion
     }
-    elseif (-not $SkipModuleInstallation.IsPresent)
+
+    if (-not $SkipModuleInstallation.IsPresent)
     {
         Write-Host -Object "`r`n"
         Write-Host -Object ('Resolving {0} dependencies...' -f $allModuleDependencies.Count) -ForegroundColor Green
@@ -229,7 +230,7 @@ function Initialize-Dependencies {
         else {
             Write-Host -Object "`r`n"
             Write-Host -Object 'Asserting MSAL loading order for dependencies...' -ForegroundColor Green
-            $helperPath = Join-Path -Path $PSScriptRoot -ChildPath "private\utility\Get-ModuleImportOrder.ps1" -Resolve -ErrorAction Stop
+            $helperPath = Join-Path -Path $PSScriptRoot -ChildPath "private/utility/Get-ModuleImportOrder.ps1" -Resolve -ErrorAction Stop
             . $helperPath
             Write-Verbose -Message ('Module with DLLs to load: {0}' -f (([Microsoft.PowerShell.Commands.ModuleSpecification[]]$moduleManifest.RequiredModules).Name -join ', '))
             # This method does not necessarily load the right dll (it ignores the load logic from the modules)
@@ -261,6 +262,74 @@ function Initialize-Dependencies {
                     }
                 }
             }
+
+            #region Pre-load shared DLLs (newest version wins) to prevent type mismatch errors
+            # Multiple modules ship different versions of shared DLLs like Microsoft.IdentityModel.Abstractions.dll.
+            # .NET loads the first version it encounters into the default AssemblyLoadContext, and subsequent loads of
+            # the same assembly name are ignored. If an older version loads first (e.g., EXO's 8.6.0.0), then code
+            # compiled against a newer version (e.g., Graph's Azure.Identity expecting 8.6.1.0) will fail with
+            # MissingMethodException because the type signatures don't match.
+            # Fix: find and pre-load the newest version of each shared DLL across all dependency modules.
+            #
+            # IMPORTANT: Only pre-load low-level type-definition DLLs that are shared across all modules in the
+            # default AssemblyLoadContext. Do NOT pre-load higher-level libraries like Azure.Identity.dll or
+            # Azure.Core.dll here — Az.Accounts uses its own AssemblyLoadContext (ALC) to isolate its versions
+            # of those DLLs, and pre-loading them into the default context interferes with ALC type unification,
+            # causing "Entry point was not found" errors during Azure authentication.
+            $sharedDllNames = @(
+                'Microsoft.IdentityModel.Abstractions.dll'
+            )
+
+            # Collect all module base directories from the import order candidates
+            $moduleBaseDirs = $msalToLoadInOrder | ForEach-Object { Split-Path -Path $_.DLLPath -Parent }
+            # Also include all candidate modules' full ModuleBase for broader search
+            $allModuleCandidates = $msalToLoadInOrder | ForEach-Object {
+                $candidateModule = Get-Module -Name $_.Name -ListAvailable | Select-Object -First 1
+                if ($candidateModule) { $candidateModule.ModuleBase }
+            }
+            $searchDirs = @($moduleBaseDirs) + @($allModuleCandidates) | Where-Object { $_ } | Select-Object -Unique
+
+            foreach ($dllName in $sharedDllNames) {
+                $assemblyShortName = [System.IO.Path]::GetFileNameWithoutExtension($dllName)
+
+                # Skip if already loaded
+                if ([System.AppDomain]::CurrentDomain.GetAssemblies().Where{ $_.GetName().Name -eq $assemblyShortName }) {
+                    Write-Verbose -Message ("Shared DLL {0} is already loaded, skipping." -f $dllName)
+                    continue
+                }
+
+                # Search all dependency module directories recursively for this DLL
+                $allCopies = foreach ($dir in $searchDirs) {
+                    $searchRoot = $dir
+                    # Walk up to the module version root to search all subdirectories (e.g., Dependencies/, netCore/, lib/)
+                    $parentDir = Split-Path -Path $dir -Parent
+                    if ($parentDir -and (Test-Path $parentDir)) { $searchRoot = $parentDir }
+
+                    Get-ChildItem -Path $searchRoot -Filter $dllName -File -Recurse -Force -ErrorAction SilentlyContinue
+                }
+
+                if (-not $allCopies) {
+                    Write-Verbose -Message ("No copies of {0} found in dependency modules." -f $dllName)
+                    continue
+                }
+
+                # Pick the newest version
+                $newestDll = $allCopies |
+                    Where-Object { $_.VersionInfo.FileVersion } |
+                    Sort-Object -Property { [version]($_.VersionInfo.FileVersion) } -Descending |
+                    Select-Object -First 1
+
+                if ($newestDll) {
+                    try {
+                        $null = [System.Reflection.Assembly]::LoadFrom($newestDll.FullName)
+                        Write-Host -Object ('    ✅ Pre-loaded {0} v{1} from {2}' -f $dllName, $newestDll.VersionInfo.FileVersion, $newestDll.DirectoryName) -ForegroundColor Green
+                    }
+                    catch {
+                        Write-Debug -Message ("Failed to pre-load shared DLL {0}: {1}" -f $newestDll.FullName, $_)
+                    }
+                }
+            }
+            #endregion
         }
     }
     catch {

src/powershell/public/Connect-ZtAssessment.ps1

@@ -117,11 +117,25 @@ function Connect-ZtAssessment {
 	}
 
 
-	$OrderedImport = Get-ModuleImportOrder -Name @('Az.Accounts', 'ExchangeOnlineManagement', 'Microsoft.Graph.Authentication', 'Microsoft.Online.SharePoint.PowerShell', 'AipService')
+	$moduleNamesForImportOrder = @('Az.Accounts', 'ExchangeOnlineManagement', 'Microsoft.Graph.Authentication')
+	if ($IsWindows) {
+		$moduleNamesForImportOrder += @('Microsoft.Online.SharePoint.PowerShell', 'AipService')
+	}
+	$OrderedImport = Get-ModuleImportOrder -Name $moduleNamesForImportOrder
+
+	# Build the ordered list of service module names to connect.
+	# Start with the MSAL-ordered modules, then append any expected modules not found by Get-ModuleImportOrder
+	# so that connection is always attempted for requested services even if MSAL DLL detection fails.
+	$connectionOrder = @($OrderedImport.Name)
+	foreach ($name in $moduleNamesForImportOrder) {
+		if ($name -notin $connectionOrder) {
+			$connectionOrder += $name
+		}
+	}
 
-	Write-Verbose "Import Order: $($OrderedImport.Name -join ', ')"
+	Write-Verbose "Import Order: $($connectionOrder -join ', ')"
 
-	switch ($OrderedImport.Name) {
+	switch ($connectionOrder) {
 		'Microsoft.Graph.Authentication' {
 			if ($Service -contains 'Graph' -or $Service -contains 'All') {
 				Write-Host "`nConnecting to Microsoft Graph" -ForegroundColor Yellow
@@ -133,6 +147,22 @@ function Connect-ZtAssessment {
 					$contextTenantId = (Get-MgContext).TenantId
 				}
 				catch {
+					$isMsalConflict = $false
+					if ($_.Exception -is [System.MissingMethodException] -or $_.Exception.InnerException -is [System.MissingMethodException]) {
+						$msalException = if ($_.Exception.InnerException -is [System.MissingMethodException]) { $_.Exception.InnerException } else { $_.Exception }
+						if ($msalException.Message -like "*Microsoft.Identity.Client*") {
+							$isMsalConflict = $true
+						}
+					}
+					# Also detect the common pattern where the MissingMethodException is wrapped in another exception
+					if (-not $isMsalConflict -and $_.Exception.Message -like "*Method not found*Microsoft.Identity.Client*") {
+						$isMsalConflict = $true
+					}
+
+					if ($isMsalConflict) {
+						Write-Warning "DLL conflict detected: an incompatible version of Microsoft.Identity.Client.dll is loaded in this session."
+						Write-Warning "Please RESTART your PowerShell session and import ZeroTrustAssessment before any other module, then run Connect-ZtAssessment again."
+					}
 					Stop-PSFFunction -Message "Failed to authenticate to Graph" -ErrorRecord $_ -EnableException $true -Cmdlet $PSCmdlet
 				}
 
@@ -195,7 +225,7 @@ function Connect-ZtAssessment {
 				try {
 					if ($UseDeviceCode -and $PSVersionTable.PSEdition -eq 'Desktop') {
 						Write-Host 'The Exchange Online module in Windows PowerShell does not support device code flow authentication.' -ForegroundColor Red
-						Write-Host '💡Please use the Exchange Online module in PowerShell Core.' -ForegroundColor Yellow
+						Write-Host 'Please use the Exchange Online module in PowerShell Core.' -ForegroundColor Yellow
 					}
 					elseif ($UseDeviceCode) {
 						Connect-ExchangeOnline -ShowBanner:$false -Device:$UseDeviceCode -ExchangeEnvironmentName $ExchangeEnvironmentName
@@ -376,40 +406,46 @@ function Connect-ZtAssessment {
 	}
 
 	if ($Service -contains 'SharePointOnline' -or $Service -contains 'All') {
-		Write-Host "`nConnecting to SharePoint Online" -ForegroundColor Yellow
-		Write-PSFMessage 'Connecting to SharePoint Online'
-
-		# Determine Admin URL
-		$adminUrl = $SharePointAdminUrl
-		if (-not $adminUrl) {
-			# Try to infer from Graph context
-			if ($contextTenantId) {
-				try {
-					$org = Invoke-ZtGraphRequest -RelativeUri 'organization'
-					$initialDomain = $org.verifiedDomains | Where-Object { $_.isInitial } | Select-Object -ExpandProperty name -First 1
-					if ($initialDomain) {
-						$tenantName = $initialDomain.Split('.')[0]
-						$adminUrl = "https://$tenantName-admin.sharepoint.com"
-						Write-Verbose "Inferred SharePoint Admin URL: $adminUrl"
+		# SharePoint Online module only works on Windows
+		if (-not $IsWindows) {
+			Write-PSFMessage 'Skipping SharePoint Online connection - Microsoft.Online.SharePoint.PowerShell module is only supported on Windows.' -Level Warning
+		}
+		else {
+			Write-Host "`nConnecting to SharePoint Online" -ForegroundColor Yellow
+			Write-PSFMessage 'Connecting to SharePoint Online'
+
+			# Determine Admin URL
+			$adminUrl = $SharePointAdminUrl
+			if (-not $adminUrl) {
+				# Try to infer from Graph context
+				if ($contextTenantId) {
+					try {
+						$org = Invoke-ZtGraphRequest -RelativeUri 'organization'
+						$initialDomain = $org.verifiedDomains | Where-Object { $_.isInitial } | Select-Object -ExpandProperty name -First 1
+						if ($initialDomain) {
+							$tenantName = $initialDomain.Split('.')[0]
+							$adminUrl = "https://$tenantName-admin.sharepoint.com"
+							Write-Verbose "Inferred SharePoint Admin URL: $adminUrl"
+						}
+					}
+					catch {
+						Write-Verbose "Failed to infer SharePoint Admin URL from Graph: $_"
 					}
-				}
-				catch {
-					Write-Verbose "Failed to infer SharePoint Admin URL from Graph: $_"
 				}
 			}
-		}
 
-		if (-not $adminUrl) {
-			Write-Warning "SharePoint Admin URL not provided and could not be inferred. Skipping SharePoint connection."
-		}
-		else {
-			try {
-				Connect-SPOService -Url $adminUrl -ErrorAction Stop
-				Write-Verbose "Successfully connected to SharePoint Online."
+			if (-not $adminUrl) {
+				Write-Warning "SharePoint Admin URL not provided and could not be inferred. Skipping SharePoint connection."
 			}
-			catch {
-				Write-Host "`nFailed to connect to SharePoint Online: $_" -ForegroundColor Red
-				Write-PSFMessage "Failed to connect to SharePoint Online: $_" -Level Error
+			else {
+				try {
+					Connect-SPOService -Url $adminUrl -ErrorAction Stop
+					Write-Verbose "Successfully connected to SharePoint Online."
+				}
+				catch {
+					Write-Host "`nFailed to connect to SharePoint Online: $_" -ForegroundColor Red
+					Write-PSFMessage "Failed to connect to SharePoint Online: $_" -Level Error
+				}
 			}
 		}
 	}