jseerden / IntuneEmailSignatureManagement

Lightweight tool deployed with Microsoft Intune to manage e-mail signatures for Outlook
MIT License

We will retire AAD Graph API any time after June 30th #4

Open SYSMANTEAM opened 1 year ago

SYSMANTEAM commented 1 year ago

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-change-management-simplified/ba-p/2967456

Would be good if this could be created using the Microsoft Graph functions, as the current Connect-AzureAD will be expiring end of June 2023 and this will render this script useless.

I have been using this script for some time now, and it works great; it would be a shame to lose it due to this.

I am also looking at trying to migrate this to use the latest and greatest technology.

DirkBaltissen commented 1 year ago

You must first create an App registration in Entra, after which you can set the signature again with the script below.

Create App Registration:

Adjust the variables of the 'App registration'. Two values in the script have been changed:

  1. Mobile = MobilePhone
  2. TelephoneNumber = BusinessPhones

The modified script:

# Win32 app runs PowerShell in 32-bit by default. The Microsoft Graph modules require PowerShell in 64-bit, so we are going to trigger a rerun in 64-bit.
if ($env:PROCESSOR_ARCHITEW6432 -eq "AMD64") {
    try {
        & "$env:WINDIR\SysNative\WindowsPowershell\v1.0\PowerShell.exe" -File $PSCommandPath
    }
    catch {
        throw "Failed to start $PSCommandPath"
    }
    exit
}

Start-Transcript -Path "$($env:TEMP)\IntuneSignatureManagerForOutlook-log.txt" -Force

# Install NuGet Package Provider
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Scope CurrentUser -Force

# Install Microsoft Graph Users module to retrieve the user information
Install-Module -Name Microsoft.Graph.Users -Scope CurrentUser -Force

# Variables App registration (client credentials; note that the secret is embedded in a script that is deployed to every device and runs in user context)
$clientId = "<Application (client) ID>"
$clientSecret = "<Application Secret Value>"
$tenantId = "<Directory (tenant) ID>"
$scope = "https://graph.microsoft.com/.default"

# Acquiring access token with the client credentials grant
$tokenEndpoint = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$tokenRequestBody = @{
    "client_id"     = $clientId
    "client_secret" = $clientSecret
    "scope"         = $scope
    "grant_type"    = "client_credentials"
}
$tokenResponse = Invoke-RestMethod -Uri $tokenEndpoint -Method POST -Body $tokenRequestBody
$accessToken = $tokenResponse.access_token

# Convert access token to SecureString (Connect-MgGraph expects the token as a SecureString)
$SecureString = ConvertTo-SecureString -String "$accessToken" -AsPlainText -Force

# Connect to Microsoft Graph
Connect-MgGraph -AccessToken $SecureString

# Get the user information (the script runs in user context, so whoami returns the signed-in user's UPN)
$userPrincipalName = whoami -upn
$userObject = Get-MgUser -Filter "userPrincipalName eq '$userPrincipalName'" -Select "displayName,givenName,surname,mail,mobilePhone,businessPhones,jobTitle,department,city,state,streetAddress,postalCode,country,officeLocation"

# Create signatures folder if not exists
if (-not (Test-Path "$($env:APPDATA)\Microsoft\Signatures")) {
    $null = New-Item -Path "$($env:APPDATA)\Microsoft\Signatures" -ItemType Directory
}

# Get all signature files
$signatureFiles = Get-ChildItem -Path "$PSScriptRoot\Signatures"

foreach ($signatureFile in $signatureFiles) {
    if ($signatureFile.Name -like "*.htm" -or $signatureFile.Name -like "*.rtf" -or $signatureFile.Name -like "*.txt") {
        # Get file content with placeholder values
        $signatureFileContent = Get-Content -Path $signatureFile.FullName

        # Replace placeholder values (businessPhones is multi-valued in Graph, so the first entry is used)
        $signatureFileContent = $signatureFileContent -replace "%DisplayName%", $userObject.DisplayName
        $signatureFileContent = $signatureFileContent -replace "%GivenName%", $userObject.GivenName
        $signatureFileContent = $signatureFileContent -replace "%Surname%", $userObject.Surname
        $signatureFileContent = $signatureFileContent -replace "%Mail%", $userObject.Mail
        $signatureFileContent = $signatureFileContent -replace "%Mobile%", $userObject.MobilePhone
        $signatureFileContent = $signatureFileContent -replace "%TelephoneNumber%", ($userObject.BusinessPhones | Select-Object -First 1)
        $signatureFileContent = $signatureFileContent -replace "%JobTitle%", $userObject.JobTitle
        $signatureFileContent = $signatureFileContent -replace "%Department%", $userObject.Department
        $signatureFileContent = $signatureFileContent -replace "%City%", $userObject.City
        $signatureFileContent = $signatureFileContent -replace "%Country%", $userObject.Country
        $signatureFileContent = $signatureFileContent -replace "%StreetAddress%", $userObject.StreetAddress
        $signatureFileContent = $signatureFileContent -replace "%PostalCode%", $userObject.PostalCode
        $signatureFileContent = $signatureFileContent -replace "%State%", $userObject.State
        # Graph exposes the office name as officeLocation (AAD Graph called it physicalDeliveryOfficeName)
        $signatureFileContent = $signatureFileContent -replace "%PhysicalDeliveryOfficeName%", $userObject.OfficeLocation

        # Set file content with actual values in $env:APPDATA\Microsoft\Signatures
        Set-Content -Path "$($env:APPDATA)\Microsoft\Signatures\$($signatureFile.Name)" -Value $signatureFileContent -Force
    } elseif ($signatureFile.PSIsContainer) {
        # Copy supporting folders (e.g. images belonging to an .htm signature) as-is
        Copy-Item -Path $signatureFile.FullName -Destination "$($env:APPDATA)\Microsoft\Signatures\$($signatureFile.Name)" -Recurse -Force
    }
}

Stop-Transcript
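Added example (not part of the project or of the script above): a placeholder-expansion helper covering what the replace loop above glosses over. It assumes the $User object comes from Get-MgUser with the properties listed above; the function name and the sample values are constructed for this illustration.

```powershell
# Added example, not part of the project: expand %Placeholder% tokens from a
# Graph user object into a signature template.
function Expand-SignatureTemplate {
    param(
        [Parameter(Mandatory)] [string[]] $TemplateLines,  # lines of one template file
        [Parameter(Mandatory)] $User,                      # object returned by Get-MgUser
        [Parameter(Mandatory)] [string] $Extension         # ".htm", ".rtf" or ".txt"
    )

    # Map placeholders to Graph property values. businessPhones is multi-valued, so
    # only its first entry is used; attributes that are not set become empty strings.
    $values = [ordered]@{
        '%DisplayName%'                = $User.DisplayName
        '%GivenName%'                  = $User.GivenName
        '%Surname%'                    = $User.Surname
        '%Mail%'                       = $User.Mail
        '%Mobile%'                     = $User.MobilePhone
        '%TelephoneNumber%'            = ($User.BusinessPhones | Select-Object -First 1)
        '%JobTitle%'                   = $User.JobTitle
        '%Department%'                 = $User.Department
        '%StreetAddress%'              = $User.StreetAddress
        '%PostalCode%'                 = $User.PostalCode
        '%City%'                       = $User.City
        '%State%'                      = $User.State
        '%Country%'                    = $User.Country
        '%PhysicalDeliveryOfficeName%' = $User.OfficeLocation  # Graph name for this attribute
    }

    foreach ($line in $TemplateLines) {
        foreach ($key in $values.Keys) {
            $text = [string]$values[$key]
            # Directory attributes are data, not markup: encode them for the .htm
            # template so a stray < or & cannot break the signature's HTML.
            if ($Extension -eq '.htm') { $text = [System.Net.WebUtility]::HtmlEncode($text) }
            # String.Replace is literal; -replace would interpret a '$' in the
            # attribute value as a regex group reference.
            $line = $line.Replace($key, $text)
        }
        $line
    }
}

# Constructed sample user (hypothetical values) to run the helper offline.
$sampleUser = [pscustomobject]@{
    DisplayName = 'Jane Doe & Co'; GivenName = 'Jane'; Surname = 'Doe'; Mail = 'jane.doe@example.com'
    MobilePhone = $null; BusinessPhones = @('+1 555 0100', '+1 555 0101'); JobTitle = 'Engineer'
    Department = 'IT'; StreetAddress = '1 Main St'; PostalCode = '12345'; City = 'Springfield'
    State = 'IL'; Country = 'US'; OfficeLocation = 'HQ'
}
Expand-SignatureTemplate -TemplateLines @('<b>%DisplayName%</b> Tel: %TelephoneNumber% Mobile: %Mobile%') -User $sampleUser -Extension '.htm'
```

The returned lines can be handed to Set-Content exactly as the script does; for .rtf and .txt templates the values are inserted unencoded.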

akiraasano7 commented 1 year ago

Hi Dirk,

I've tried deploying the Win32App via Intune using the install command; however, it looks like the install command doesn't install the package on the device.

screenshot

DirkBaltissen commented 1 year ago

When you run the install script in e.g. PowerShell ISE, do you see an error, and if so, which one?

Does the log file show a message? C:\Users\\AppData\Local\Temp\IntuneSignatureManagerForOutlook-log.txt

I updated the script one more time, since the access token needs to be converted to a secure string for authentication to Microsoft Graph.

akiraasano7 commented 1 year ago

Had a couple of errors beforehand:

  1. Placed the wrong Client Secret ID - Fixed
  2. Updated the new script based on your changes
  3. Cannot locate the Signature - Looks like it requires to be on the Desktop\Signatures

IntuneSignatureManagerForOutlook-log.txt: [IntuneSignatureManagerForOutlook-log_UPDATED.txt](https://github.com/jseerden/IntuneEmailSignatureManagement/files/12330527/IntuneSignatureManagerForOutlook-log_UPDATED.txt)

After changing and correcting the errors, the txt file looks like this (attached file). However, it doesn't show in the Outlook client app.

DirkBaltissen commented 1 year ago

The signature files are written to the following location: %AppData%\Microsoft\Signatures. It is possible that the created signature is not visible in Outlook due to recent Office roaming adjustments. To make the signatures visible again, you can set a registry key on all machines, which you can read about below:

https://support.itsolver.net/hc/en-au/articles/5630025202575-How-do-I-turn-off-roaming-signatures-with-Outlook-365-

You can choose to disable ALL roaming settings, you do this by activating the following ADMX in Intune: Disable roaming settings in Outlook

If you only want to set it for the signature, you can add the registry key as in the link above. For this I have made a remediation script that you can use if you want.

Note: Because the key must be added in HKCU, the script must be started under user context.

Detection:

## Variables
$Office = "C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
$Path = "HKCU:\Software\Microsoft\Office\16.0\Outlook\Setup\"
$Name = "DisableRoamingSignaturesTemporaryToggle"
$Value = "1"

## Check whether Office (Outlook) is installed
if (Test-Path -Path "$Office")
{
    ## Check whether the key is there and whether the value is correct
    Try {
        $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
        If ($Registry -eq $Value)
        {
            Write-Output "Key found, value correct!"
            Exit 0
        }
        Write-Output "Key found, value incorrect!"
        Exit 1
    }
    Catch
    {
        ## Get-ItemProperty throws when the key or the value does not exist
        Write-Output "Key not found"
        Exit 1
    }
}
else
{
    Write-Output "Office not installed"
    Exit 0
}

Remediation:

## Variables
$Path = "HKCU:\Software\Microsoft\Office\16.0\Outlook\Setup\"
$Name = "DisableRoamingSignaturesTemporaryToggle"
$Type = "DWORD"
$Value = "1"

## Create the key path if it does not exist yet
if (-not (Test-Path -Path $Path))
{
    $null = New-Item -Path $Path -Force
}

## Create and set the value (-Force overwrites an existing value that is incorrect)
$null = New-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value -Force

## Check if key has been created
$Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
If ($Registry -eq $Value)
{
    Write-Output "Key set!"
    Exit 0
}
Write-Output "Failed to set key"
Exit 1