Open satyajit321 opened 1 year ago
Also keen to see this implemented. Following.
It would be great if this is implemented. Following. Sep 2023 - still no update or implementation/alternatives on this. Yet Microsoft releases more SelfService purchase stuff.
+1, automated connection is a standard requirement
New Module is released 3 days ago, but not updates around automations or CBA support. Atleast provide the MS Graph steps and permission details published so that we can build our own.
It seems that Graph-support is not on the radar for the team - which is a shame when everything and the kitchen-sink is moving to Graph. Access to SelfPurchasePolicies is currently only possible via the MS SPN 'M365 License Manager' that supports delegated permissions but certainly not modern auth. It is possible to modify the Connect-MSCommerce-function to enable support for TenantId and Credential but I agree that this is not Modern Auth. Given that the required permissions are hidden by the MS app there's really nothing we 'outsiders' can do - except call for a change. I've posted a question but probably in the wrong place. https://github.com/MicrosoftDocs/microsoft-365-docs/issues/12880 If you know of a better place, please update this thread.
I've put in a suggestion for the Graph-team, please upvote https://feedbackportal.microsoft.com/feedback/idea/72d03931-905e-ee11-a81c-0022484e5453
An update: If you obtain an accesstoken using ie MSAL.PS you can provide that to the functions in MSCommerce that support the parameter -Token. I've created an experimental implementation in a PR and how someone more seasoned in this repo can guide me
I have tried using token issued by my own app, but even if it has admin privileges it doesn't seem to be working. What are the plans to allow Certificate Based Authentication or AppID based Oauth logins. The PowerShell gallery has deploy to azure automation, but how will you manage the prompt. Basic auth isn't something we should be doing as we can see in the workarounds so far.
$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
Is there a way we can directly query the graph endpoint, to get what we need.
$baseUri = "https://licensing.m365.microsoft.com" $restPath = "$baseUri/v1.0/policies"
Invoke-RestMethod : The remote server returned an error: (403) Forbidden. At line:33 char:16
References: https://www.powershellgallery.com/packages/MSCommerce/1.8 https://docs.microsoft.com/en-us/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins?view=o365-worldwide
New connection to MSCommerce · Issue #46 - GitHub Providing scripted credentials or PSSession ... - GitHub