search

invictus-ir / Microsoft-Extractor-Suite

A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
https://microsoft-365-extractor-suite.readthedocs.io/en/latest/
GNU General Public License v2.0
481 stars 68 forks source link

Passing parameters for functions in `Connect.ps1` #100

Closed Calvindd2f closed 2 weeks ago

Calvindd2f commented 1 month ago

I was thinking of a change for the functions in Connect.ps1. The changes would just allow parameter pass-thru for the underlying modules allowing different ways to connect.

Here is what I have so far:

Function Connect-M365
{
    PARAM(
        [string]
        $ConnectionUri,
        [string]
        $AzureADAuthorizationEndpointUri,
        [ValidateSet('O365China', 'O365Default', 'O365GermanyCloud', 'O365USGovDoD', 'O365USGovGCCHigh')]
        [string]
        $ExchangeEnvironmentName,
        [string[]]
        $PSSessionOptions,
        [string]
        $DelegatedOrganization,
        [string]
        $Prefix,
        [string[]]
        $CommandName,
        [string[]]
        $FormatTypeName,
        [string]
        $AccessToken,
        [string]
        $AppId,
        [switch]
        $BypassMailboxAnchoring,
        [X509Certificate]
        $Certificate,
        [string]
        $CertificateFilePath,
        [SecureString]
        $CertificatePassword,
        [string]
        $CertificateThumbprint,
        [PSCredential]
        $Credential,
        [switch]
        $Device,
        [switch]
        $EnableErrorReporting,
        [switch]
        $InlineCredential,
        [string]
        $LogDirectoryPath,
        [string]
        $LogLevel,
        [switch]
        $ManagedIdentity,
        [string]
        $ManagedIdentityAccountId,
        [string]
        $Organization,
        [int]
        $PageSize,
        [switch]
        $ShowBanner,
        [X509Certificate]
        $SigningCertificate,
        [switch]
        $SkipLoadingCmdletHelp,
        [switch]
        $SkipLoadingFormatData,
        [Boolean]
        $TrackPerformance,
        [Boolean]
        $UseMultithreading,
        [string]
        $UserPrincipalName,
        [Switch]
        $UseRPSSession
    )
    versionCheck
    Connect-ExchangeOnline @PSBoundParameters > $null;
}

Function Connect-Azure
{
    PARAM(
        [ValidateSet('AzureChinaCloud', 'AzureCloud', 'AzureGermanyCloud', 'AzurePPE', 'AzureUSGovernment', 'AzureUSGovernment2', 'AzureUSGovernment3')]
        [string]
        $AzureEnvironmentName,
        [string]
        $TenantId,
        [pscredential]
        $Credential,
        [string]
        $CertificateThumbprint,
        [string]
        $ApplicationId,
        [string]
        $AadAccessToken,
        [string]
        $MsAccessToken,
        [string]
        $AccountId,
        [ValidateSet('Error', 'Info', 'None', 'Warning')]
        [string]
        $LogLevel,
        [string]
        $LogFilePath,
        [switch]
        $WhatIf,
        [switch]
        $Confirm,
        [Switch]
        $Verbose,
        [switch]
        $Debug
    )
    versionCheck
    Connect-AzureAD @PSBoundParameters > $null;
}

Function Connect-AzureAZ
{
    PARAM(
        [String]
        $AccessToken ,
        [String]
        $AccountId ,
        [String]
        $ApplicationId ,
        [String]
        $AuthScope ,
        [SecureString]
        $CertificatePassword,
        [String]
        $CertificatePath ,
        [String]
        $CertificateThumbprint ,
        [String]
        $ContextName ,
        [PSCredential]
        $Credential,
        [string]
        $DefaultProfile ,
        [String]
        $Environment ,
        [String]
        $FederatedToken ,
        [switch]
        $Force ,
        [String]
        $GraphAccessToken ,
        [switch]
        $Identity,
        [String]
        $KeyVaultAccessToken ,
        [int]
        $MaxContextPopulation,
        [String]
        $MicrosoftGraphAccessToken ,
        [ValidateSet('CurrentUser', 'Process')]
        [string]
        $Scope,
        [switch]
        $SendCertificateChain,
        [switch]
        $ServicePrincipal,
        [switch]
        $SkipContextPopulation ,
        [switch]
        $SkipValidation ,
        [String]
        $Subscription ,
        [String]
        $Tenant ,
        [switch]
        $UseDeviceAuthentication,
        [switch]
        $Confirm,
        [switch]
        $WhatIf
    )
    versionCheck
    Connect-AzAccount @PSBoundParameters > $null;
}

This would allow you to pass the originating module parameters like below:

Connect-M365 -AccessToken $access_token -UserPrincipalName 'c@lvin.ie'

JoeyInvictus commented 1 month ago

Hi, sorry for the late response. I just got back from holiday. Thanks for providing the code snippets, they look useful, and I'll play around with them a bit and add them to the next update!

JoeyInvictus commented 2 weeks ago

Added it to the new update! Thanks again :)