silverhack
diff --git a/‎core/analysis/Invoke-AzureScanner.ps1‎
Lines changed: 0 additions & 4 deletions b/‎core/analysis/Invoke-AzureScanner.ps1‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎core/analysis/Invoke-AzureADScanner.ps1‎ renamed to ‎core/analysis/Invoke-EntraIDScanner.ps1‎
Lines changed: 0 additions & 4 deletions b/‎core/analysis/Invoke-AzureADScanner.ps1‎ renamed to ‎core/analysis/Invoke-EntraIDScanner.ps1‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎core/analysis/Invoke-M365Scanner.ps1‎
Lines changed: 0 additions & 4 deletions b/‎core/analysis/Invoke-M365Scanner.ps1‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎core/api/auth/Connect-MonkeyCloud.ps1‎
Lines changed: 37 additions & 30 deletions b/‎core/api/auth/Connect-MonkeyCloud.ps1‎
Lines changed: 37 additions & 30 deletions
diff --git a/‎core/api/auth/generic/Connect-MonkeyGenericApplication.ps1‎
Lines changed: 42 additions & 4 deletions b/‎core/api/auth/generic/Connect-MonkeyGenericApplication.ps1‎
Lines changed: 42 additions & 4 deletions
diff --git a/‎core/api/auth/microsoft365/Connect-MonkeyM365.ps1‎
Lines changed: 97 additions & 16 deletions b/‎core/api/auth/microsoft365/Connect-MonkeyM365.ps1‎
Lines changed: 97 additions & 16 deletions
@@ -135,9 +135,5 @@ Function Invoke-AzureScanner{
     Catch{
         Write-Error $_
     }
-    Finally{
-        #Perform garbage collection
-        [System.GC]::GetTotalMemory($true) | out-null
-    }
 }
 
@@ -73,9 +73,5 @@ Function Invoke-EntraIDScanner{
     Catch{
         Write-Error $_
     }
-    Finally{
-        #Perform garbage collection
-        [gc]::Collect()
-    }
 }
 
@@ -85,9 +85,5 @@ Function Invoke-M365Scanner{
     Catch{
         Write-Error $_
     }
-    Finally{
-        #Perform garbage collection
-        [gc]::Collect()
-    }
 }
 
@@ -194,14 +194,44 @@ Function Connect-MonkeyCloud{
     }
     #Get licensing information
     $O365Object.Licensing = Get-MonkeySKUInfo
+    #Check If current identity can request users and groups from Microsoft Graph
+    $p = @{
+        InformationAction = $O365Object.InformationAction;
+        Verbose = $O365Object.verbose;
+        Debug = $O365Object.Debug;
+    }
+    $O365Object.canRequestUsersFromMsGraph = Test-CanRequestUser @p
+    $O365Object.canRequestGroupsFromMsGraph = Test-CanRequestGroup @p
+    #Get information about current identity
+    $O365Object.me = Get-MonkeyMe @p
+    #Check If connected to Azure AD
+    If($O365Object.canRequestUsersFromMsGraph -eq $false -and $null -eq $O365Object.Tenant.CompanyInfo){
+        $msg = @{
+            MessageData = ($message.NotConnectedTo -f "Microsoft Entra ID");
+            callStack = (Get-PSCallStack | Select-Object -First 1);
+            logLevel = 'warning';
+            InformationAction = $O365Object.InformationAction;
+            Tags = @('Monkey365GraphAPIError');
+        }
+        Write-Warning @msg
+        $O365Object.onlineServices.EntraID = $false
+    }
+    Else{
+        $O365Object.onlineServices.EntraID = $true
+    }
     #Get actual userId
-    $authObject = $O365Object.auth_tokens.GetEnumerator() | Where-Object {$null -ne $_.Value} | Select-Object -ExpandProperty Value -First 1
-    If($null -ne $authObject){
-        $O365Object.userId = $authObject | Get-UserIdFromToken
+    If($O365Object.isConfidentialApp){
+        $O365Object.userId = $O365Object.me.id;
+    }
+    Else{
+        $authObject = $O365Object.auth_tokens.GetEnumerator() | Where-Object {$null -ne $_.Value} | Select-Object -ExpandProperty Value -First 1
+        If($null -ne $authObject){
+            $O365Object.userId = $authObject | Get-UserIdFromToken
+        }
     }
     #Get Azure AD permissions
     If($O365Object.isConfidentialApp){
-        $app_Permissions = Get-MonkeyMSGraphObjectDirectoryRole -ObjectId $O365Object.clientApplicationId -ObjectType servicePrincipal
+        $app_Permissions = Get-MonkeyMSGraphObjectDirectoryRole -ObjectId $O365Object.me.id -ObjectType servicePrincipal
         If($app_Permissions){
             $O365Object.aadPermissions = $app_Permissions
         }
@@ -236,7 +266,9 @@ Function Connect-MonkeyCloud{
     }
     #Check If requestMFA for users must be enabled by config
     try{
-        $requestMFA = $O365Object.internal_config.entraId.forceRequestMFA
+        $out = $null;
+        [void][bool]::TryParse($O365Object.internal_config.entraId.forceRequestMFA, [ref]$out);
+        $requestMFA = $out;
     }
     catch{
         $msg = @{
@@ -253,31 +285,6 @@ Function Connect-MonkeyCloud{
         #Force request MFA for users
         $O365Object.canRequestMFAForUsers = $true;
     }
-    #Check If current identity can request users and groups from Microsoft Graph
-    $p = @{
-        InformationAction = $O365Object.InformationAction;
-        Verbose = $O365Object.verbose;
-        Debug = $O365Object.Debug;
-    }
-    $O365Object.canRequestUsersFromMsGraph = Test-CanRequestUser @p
-    $O365Object.canRequestGroupsFromMsGraph = Test-CanRequestGroup @p
-    #Get information about current identity
-    $O365Object.me = Get-MonkeyMe @p
-    #Check If connected to Azure AD
-    If($O365Object.canRequestUsersFromMsGraph -eq $false -and $null -eq $O365Object.Tenant.CompanyInfo){
-        $msg = @{
-            MessageData = ($message.NotConnectedTo -f "Microsoft Entra ID");
-            callStack = (Get-PSCallStack | Select-Object -First 1);
-            logLevel = 'warning';
-            InformationAction = $O365Object.InformationAction;
-            Tags = @('Monkey365GraphAPIError');
-        }
-        Write-Warning @msg
-        $O365Object.onlineServices.EntraID = $false
-    }
-    Else{
-        $O365Object.onlineServices.EntraID = $true
-    }
     #Check If EntraID P2 is enabled
     If($null -ne $O365Object.Tenant.licensing -and $null -ne $O365Object.Tenant.licensing.EntraIDP2){
         $msg = @{
 
@@ -42,20 +42,40 @@ Function Connect-MonkeyGenericApplication {
         [Parameter(Mandatory=$true, HelpMessage="Resource to connect")]
         [String]$Resource,
 
+        [Parameter(Mandatory=$false, HelpMessage="MSAL Client Application")]
+        [Object]$Application,
+
         [Parameter(Mandatory=$false, HelpMessage="Redirect URI")]
         [String]$RedirectUri
     )
     Begin{
         #Set new params
         $new_params = @{}
-        foreach ($param in $O365Object.msal_application_args.GetEnumerator()){
+        ForEach ($param in $O365Object.msal_application_args.GetEnumerator()){
             $new_params.add($param.Key, $param.Value)
         }
     }
     Process{
-        if($O365Object.isConfidentialApp -eq $false){
+        If($O365Object.isConfidentialApp -eq $false){
+            #Check if passed application
+            If($PSBoundParameters.ContainsKey('Application') -and $PSBoundParameters['Application']){
+                If($PSBoundParameters['Application'] -is [Microsoft.Identity.Client.PublicClientApplication]){
+                    $new_params.publicApp = $PSBoundParameters['Application']
+                }
+                Else{
+                    $msg = @{
+                        MessageData = "Unable to get access token. Application is not a public client application";
+                        callStack = (Get-PSCallStack | Select-Object -First 1);
+                        logLevel = 'Warning';
+                        InformationAction = $O365Object.InformationAction;
+                        Tags = @('MonkeyGenericApplicationClientIdError');
+                    }
+                    Write-Warning @msg
+                    return
+                }
+            }
             #Check if application is present
-            if(($O365Object.msal_public_applications.Where({$_.ClientId -eq (Get-WellKnownAzureService -AzureService ("{0}" -f $AzureService))})).Count -gt 0){
+            ElseIf(($O365Object.msal_public_applications.Where({$_.ClientId -eq (Get-WellKnownAzureService -AzureService ("{0}" -f $AzureService))})).Count -gt 0){
                 $new_params.publicApp = $O365Object.msal_public_applications.Where({$_.ClientId -eq (Get-WellKnownAzureService -AzureService ("{0}" -f $AzureService))}) | Select-Object -First 1
                 #Add silent
                 if(-NOT $new_params.ContainsKey('Silent')){
@@ -122,10 +142,28 @@ Function Connect-MonkeyGenericApplication {
                 }
             }
             #Add redirect URI if present
-            if($PSBoundParameters.ContainsKey('RedirectUri') -and $PSBoundParameters['RedirectUri']){
+            If($PSBoundParameters.ContainsKey('RedirectUri') -and $PSBoundParameters['RedirectUri']){
                 $new_params.publicApp.RedirectUri = $PSBoundParameters['RedirectUri'];
             }
         }
+        Else{
+            If($PSBoundParameters.ContainsKey('Application') -and $PSBoundParameters['Application']){
+                If($PSBoundParameters['Application'] -is [Microsoft.Identity.Client.ConfidentialClientApplication]){
+                    $new_params.confidentialApp = $PSBoundParameters['Application']
+                }
+                Else{
+                    $msg = @{
+                        MessageData = "Unable to get access token. Application is not a confidential client application";
+                        callStack = (Get-PSCallStack | Select-Object -First 1);
+                        logLevel = 'Warning';
+                        InformationAction = $O365Object.InformationAction;
+                        Tags = @('MonkeyGenericApplicationClientIdError');
+                    }
+                    Write-Warning @msg
+                    return
+                }
+            }
+        }
         #Add resource to param
         [void]$new_params.add('Resource', $Resource)
         #Try to get token
 
@@ -454,14 +454,55 @@ Function Connect-MonkeyM365{
                 }
                 Write-Information @msg
                 #Connect to Fabric
-                $p = @{
-                    Resource = $O365Object.Environment.Fabric;
-                    AzureService = "AzurePowershell";
-                    InformationAction = $O365Object.InformationAction;
-                    Verbose = $O365Object.verbose;
-                    Debug = $O365Object.debug;
+                If($O365Object.isConfidentialApp){
+                    If($O365Object.initParams.GetEnumerator().Where({$_.Key -eq 'PowerBIClientId'}).Count -gt 0){
+                        $application = $O365Object.msal_confidential_applications.Where({$_.ClientId -eq $O365Object.initParams.Item('PowerBIClientId')}) | Select-Object -First 1 -ErrorAction Ignore
+                        If($application){
+                            $p = @{
+                                Resource = $O365Object.Environment.Fabric;
+                                Application = $application;
+                                InformationAction = $O365Object.InformationAction;
+                                Verbose = $O365Object.verbose;
+                                Debug = $O365Object.debug;
+                            }
+                            #Connect to Microsoft Fabric
+                            $O365Object.auth_tokens.Fabric = Connect-MonkeyGenericApplication @p
+                        }
+                        Else{
+                            $msg = @{
+                                MessageData = "Unable to connect to Microsoft Fabric. Confidential application was not found";
+                                callStack = (Get-PSCallStack | Select-Object -First 1);
+                                logLevel = 'warning';
+                                InformationAction = $O365Object.InformationAction;
+                                Tags = @('Monkey365FabricError');
+                            }
+                            Write-Warning @msg
+                            return
+                        }
+                    }
+                    Else{
+                        $msg = @{
+                            MessageData = "Unable to connect to Microsoft Fabric. Confidential application was not found";
+                            callStack = (Get-PSCallStack | Select-Object -First 1);
+                            logLevel = 'warning';
+                            InformationAction = $O365Object.InformationAction;
+                            Tags = @('Monkey365FabricError');
+                        }
+                        Write-Warning @msg
+                        return
+                    }
+                }
+                Else{
+                    $p = @{
+                        Resource = $O365Object.Environment.Fabric;
+                        AzureService = "AzurePowershell";
+                        InformationAction = $O365Object.InformationAction;
+                        Verbose = $O365Object.verbose;
+                        Debug = $O365Object.debug;
+                    }
+                    #Connect to Microsoft Fabric
+                    $O365Object.auth_tokens.Fabric = Connect-MonkeyGenericApplication @p
                 }
-                $O365Object.auth_tokens.Fabric = Connect-MonkeyGenericApplication @p
                 If($null -ne $O365Object.auth_tokens.Fabric){
                     $O365Object.onlineServices.Item('PowerBI') = $true
                 }
@@ -471,7 +512,7 @@ Function Connect-MonkeyM365{
                         callStack = (Get-PSCallStack | Select-Object -First 1);
                         logLevel = 'warning';
                         InformationAction = $O365Object.InformationAction;
-                        Tags = @('Monkey365TeamsError');
+                        Tags = @('Monkey365FabricError');
                     }
                     Write-Warning @msg
                 }
@@ -484,15 +525,55 @@ Function Connect-MonkeyM365{
                     Tags = @('TokenRequestInfoMessage');
                 }
                 Write-Information @msg
-                #Connect to PowerBI
-                $p = @{
-                    Resource = $O365Object.Environment.PowerBI;
-                    AzureService = "AzurePowershell";
-                    InformationAction = $O365Object.InformationAction;
-                    Verbose = $O365Object.verbose;
-                    Debug = $O365Object.debug;
+                If($O365Object.isConfidentialApp){
+                    If($O365Object.initParams.GetEnumerator().Where({$_.Key -eq 'PowerBIClientId'}).Count -gt 0){
+                        $application = $O365Object.msal_confidential_applications.Where({$_.ClientId -eq $O365Object.initParams.Item('PowerBIClientId')}) | Select-Object -First 1 -ErrorAction Ignore
+                        If($application){
+                            $p = @{
+                                Resource = $O365Object.Environment.PowerBI;
+                                Application = $application;
+                                InformationAction = $O365Object.InformationAction;
+                                Verbose = $O365Object.verbose;
+                                Debug = $O365Object.debug;
+                            }
+                            #Connect to Microsoft Fabric
+                            $O365Object.auth_tokens.PowerBI = Connect-MonkeyGenericApplication @p
+                        }
+                        Else{
+                            $msg = @{
+                                MessageData = "Unable to connect to Microsoft PowerBI. Confidential application was not found";
+                                callStack = (Get-PSCallStack | Select-Object -First 1);
+                                logLevel = 'warning';
+                                InformationAction = $O365Object.InformationAction;
+                                Tags = @('Monkey365FabricError');
+                            }
+                            Write-Warning @msg
+                            return
+                        }
+                    }
+                    Else{
+                        $msg = @{
+                            MessageData = "Unable to connect to Microsoft PowerBI. Confidential application was not found";
+                            callStack = (Get-PSCallStack | Select-Object -First 1);
+                            logLevel = 'warning';
+                            InformationAction = $O365Object.InformationAction;
+                            Tags = @('Monkey365FabricError');
+                        }
+                        Write-Warning @msg
+                        return
+                    }
+                }
+                Else{
+                    #Connect to PowerBI
+                    $p = @{
+                        Resource = $O365Object.Environment.PowerBI;
+                        AzureService = "AzurePowershell";
+                        InformationAction = $O365Object.InformationAction;
+                        Verbose = $O365Object.verbose;
+                        Debug = $O365Object.debug;
+                    }
+                    $O365Object.auth_tokens.PowerBI = Connect-MonkeyGenericApplication @p
                 }
-                $O365Object.auth_tokens.PowerBI = Connect-MonkeyGenericApplication @p
                 If($null -ne $O365Object.auth_tokens.PowerBI){
                     #Get Backend URI
                     $O365Object.PowerBIBackendUri = Get-MonkeyPowerBIBackend
Original file line number	Diff line number	Diff line change
`@@ -135,9 +135,5 @@ Function Invoke-AzureScanner{`
`135`	`135`	`Catch{`
`136`	`136`	`Write-Error $_`
`137`	`137`	`}`
`138`		`- Finally{`
`139`		`- #Perform garbage collection`
`140`		`- [System.GC]::GetTotalMemory($true) \| out-null`
`141`		`- }`
`142`	`138`	`}`
`143`	`139`
Original file line number	Diff line number	Diff line change
`@@ -73,9 +73,5 @@ Function Invoke-EntraIDScanner{`
`73`	`73`	`Catch{`
`74`	`74`	`Write-Error $_`
`75`	`75`	`}`
`76`		`- Finally{`
`77`		`- #Perform garbage collection`
`78`		`- [gc]::Collect()`
`79`		`- }`
`80`	`76`	`}`
`81`	`77`
Original file line number	Diff line number	Diff line change
`@@ -85,9 +85,5 @@ Function Invoke-M365Scanner{`
`85`	`85`	`Catch{`
`86`	`86`	`Write-Error $_`
`87`	`87`	`}`
`88`		`- Finally{`
`89`		`- #Perform garbage collection`
`90`		`- [gc]::Collect()`
`91`		`- }`
`92`	`88`	`}`
`93`	`89`