Azure-Samples · salman90 · Apr 18, 2023 · Apr 18, 2023
diff --git a/1-Authentication/1-sign-in/AppCreationScripts/AppCreationScripts.md b/1-Authentication/1-sign-in/AppCreationScripts/AppCreationScripts.md
@@ -4,13 +4,6 @@
 
 ### Quick summary
 
-1. On Windows, run PowerShell as **Administrator** and navigate to the root of the cloned directory
-1. In PowerShell run:
-
-   ```PowerShell
-   Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
-   ```
-
 1. Run the script to create your Azure AD application and configure the code of the sample application accordingly.
 
    ```PowerShell
@@ -59,28 +52,23 @@ The `Configure.ps1` will stop if it tries to create an Azure AD application whic
 
 ### Pre-requisites
 
+1. PowerShell 7 or later (see: [installing PowerShell](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell))
 1. Open PowerShell (On Windows, press  `Windows-R` and type `PowerShell` in the search window)
-1. Navigate to the root directory of the project.
-1. Until you change it, the default [Execution Policy](https:/go.microsoft.com/fwlink/?LinkID=135170) for scripts is usually `Restricted`. In order to run the PowerShell script you need to set the Execution Policy to `RemoteSigned`. You can set this just for the current PowerShell process by running the command:
-
-    ```PowerShell
-    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
-    ```
 
 ### (Optionally) install Microsoft.Graph.Applications PowerShell modules
 
 The scripts install the required PowerShell module (Microsoft.Graph.Applications) for the current user if needed. However, if you want to install if for all users on the machine, you can follow the following steps:
 
 1. If you have never done it already, in the PowerShell window, install the Microsoft.Graph.Applications PowerShell modules. For this:
 
-   1. Open PowerShell as admin (On Windows, Search Powershell in the search bar, right click on it and select **Run as administrator**).
+   1. Open PowerShell
    2. Type:
 
       ```PowerShell
       Install-Module Microsoft.Graph.Applications
       ```
 
-      or if you cannot be administrator on your machine, run:
+      or if you want the modules to be installed for the current user only, run:
 
       ```PowerShell
       Install-Module Microsoft.Graph.Applications -Scope CurrentUser

diff --git a/1-Authentication/1-sign-in/AppCreationScripts/Cleanup.ps1 b/1-Authentication/1-sign-in/AppCreationScripts/Cleanup.ps1
@@ -1,4 +1,5 @@
-
+#Requires -Version 7
+
 [CmdletBinding()]
 param(    
     [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]

diff --git a/1-Authentication/1-sign-in/AppCreationScripts/Configure.ps1 b/1-Authentication/1-sign-in/AppCreationScripts/Configure.ps1
@@ -1,3 +1,4 @@
+#Requires -Version 7
 
 [CmdletBinding()]
 param(
@@ -160,7 +161,7 @@ Function ConfigureApplications
     $owner = Get-MgApplicationOwner -ApplicationId $currentAppObjectId
     if ($owner -eq $null)
     { 
-        New-MgApplicationOwnerByRef -ApplicationId $currentAppObjectId  -BodyParameter = @{"@odata.id" = "htps://graph.microsoft.com/v1.0/directoryObjects/$user.ObjectId"}
+        New-MgApplicationOwnerByRef -ApplicationId $currentAppObjectId  -BodyParameter @{"@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$user.ObjectId"}
         Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($clientServicePrincipal.DisplayName)'"
     }
     Write-Host "Done creating the client application (msal-react-spa)"

diff --git a/1-Authentication/1-sign-in/AppCreationScripts/sample.json b/1-Authentication/1-sign-in/AppCreationScripts/sample.json
@@ -18,7 +18,7 @@
             "HomePage": "http://localhost:3000/",
             "ReplyUrls": "http://localhost:3000/, http://localhost:3000/redirect",
             "Audience": "AzureADMyOrg", 
-            "SDK": "MsalJs",
+            "SDK": "MsalReact",
             "SampleSubPath": "1-Authentication\\1-sign-in\\SPA"
         }
     ],

diff --git a/2-Authorization-I/1-call-graph/AppCreationScripts/AppCreationScripts.md b/2-Authorization-I/1-call-graph/AppCreationScripts/AppCreationScripts.md
@@ -4,13 +4,6 @@
 
 ### Quick summary
 
-1. On Windows, run PowerShell as **Administrator** and navigate to the root of the cloned directory
-1. In PowerShell run:
-
-   ```PowerShell
-   Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
-   ```
-
 1. Run the script to create your Azure AD application and configure the code of the sample application accordingly.
 
    ```PowerShell
@@ -49,6 +42,8 @@ These scripts are:
 
 - `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`).
 
+> :information_source: If the sample supports using certificates instead of client secrets, this folder will contain an additional set of scripts: `Configure-WithCertificates.ps1` and `Cleanup-WithCertificates.ps1`. You can use them in the same way to register app(s) that use certificates instead of client secrets.
+
 ### Usage pattern for tests and DevOps scenarios
 
 The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below.
@@ -57,28 +52,23 @@ The `Configure.ps1` will stop if it tries to create an Azure AD application whic
 
 ### Pre-requisites
 
+1. PowerShell 7 or later (see: [installing PowerShell](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell))
 1. Open PowerShell (On Windows, press  `Windows-R` and type `PowerShell` in the search window)
-1. Navigate to the root directory of the project.
-1. Until you change it, the default [Execution Policy](https:/go.microsoft.com/fwlink/?LinkID=135170) for scripts is usually `Restricted`. In order to run the PowerShell script you need to set the Execution Policy to `RemoteSigned`. You can set this just for the current PowerShell process by running the command:
-
-    ```PowerShell
-    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
-    ```
 
 ### (Optionally) install Microsoft.Graph.Applications PowerShell modules
 
 The scripts install the required PowerShell module (Microsoft.Graph.Applications) for the current user if needed. However, if you want to install if for all users on the machine, you can follow the following steps:
 
 1. If you have never done it already, in the PowerShell window, install the Microsoft.Graph.Applications PowerShell modules. For this:
 
-   1. Open PowerShell as admin (On Windows, Search Powershell in the search bar, right click on it and select **Run as administrator**).
+   1. Open PowerShell
    2. Type:
 
       ```PowerShell
       Install-Module Microsoft.Graph.Applications
       ```
 
-      or if you cannot be administrator on your machine, run:
+      or if you want the modules to be installed for the current user only, run:
 
       ```PowerShell
       Install-Module Microsoft.Graph.Applications -Scope CurrentUser
@@ -139,11 +129,10 @@ The acceptable values for this parameter are:
 - AzureCloud
 - AzureChinaCloud
 - AzureUSGovernment
-- AzureGermanyCloud
 
 Example:
 
  ```PowerShell
- . .\Cleanup.ps1 -AzureEnvironmentName "AzureGermanyCloud"
- . .\Configure.ps1 -AzureEnvironmentName "AzureGermanyCloud"
+ . .\Cleanup.ps1 -AzureEnvironmentName "AzureUSGovernment"
+ . .\Configure.ps1 -AzureEnvironmentName "AzureUSGovernment"
  ```
diff --git a/2-Authorization-I/1-call-graph/AppCreationScripts/Cleanup.ps1 b/2-Authorization-I/1-call-graph/AppCreationScripts/Cleanup.ps1
@@ -1,3 +1,4 @@
+#Requires -Version 7
 
 [CmdletBinding()]
 param(    
@@ -7,6 +8,7 @@ param(
     [string] $azureEnvironmentName
 )
 
+
 Function Cleanup
 {
     if (!$azureEnvironmentName)
@@ -24,29 +26,51 @@ Function Cleanup
 
     # Connect to the Microsoft Graph API
     Write-Host "Connecting to Microsoft Graph"
-    if ($tenantId -eq "") {
-        Connect-MgGraph -Scopes "Application.ReadWrite.All" -Environment $azureEnvironmentName
-        $tenantId = (Get-MgContext).TenantId
+
+
+    if ($tenantId -eq "") 
+    {
+        Connect-MgGraph -Scopes "User.Read.All Organization.Read.All Application.ReadWrite.All" -Environment $azureEnvironmentName
     }
-    else {
-        Connect-MgGraph -TenantId $tenantId -Scopes "Application.ReadWrite.All" -Environment $azureEnvironmentName
+    else 
+    {
+        Connect-MgGraph -TenantId $tenantId -Scopes "User.Read.All Organization.Read.All Application.ReadWrite.All" -Environment $azureEnvironmentName
     }
 
+    $context = Get-MgContext
+    $tenantId = $context.TenantId
+
+    # Get the user running the script
+    $currentUserPrincipalName = $context.Account
+    $user = Get-MgUser -Filter "UserPrincipalName eq '$($context.Account)'"
+
+    # get the tenant we signed in to
+    $Tenant = Get-MgOrganization
+    $tenantName = $Tenant.DisplayName
+
+    $verifiedDomain = $Tenant.VerifiedDomains | where {$_.Isdefault -eq $true}
+    $verifiedDomainName = $verifiedDomain.Name
+    $tenantId = $Tenant.Id
+
+    Write-Host ("Connected to Tenant {0} ({1}) as account '{2}'. Domain is '{3}'" -f  $Tenant.DisplayName, $Tenant.Id, $currentUserPrincipalName, $verifiedDomainName)
+
     # Removes the applications
     Write-Host "Cleaning-up applications from tenant '$tenantId'"
 
     Write-Host "Removing 'spa' (ms-identity-react-c2s1) if needed"
     try
     {
-        Get-MgApplication -Filter "DisplayName eq 'ms-identity-react-c2s1'"  | ForEach-Object {Remove-MgApplication -ApplicationId $_.Id }
+        Get-MgApplication -Filter "DisplayName eq 'ms-identity-react-c2s1'" | ForEach-Object {Remove-MgApplication -ApplicationId $_.Id }
     }
     catch
     {
-        Write-Host "Unable to remove the application 'ms-identity-react-c2s1' . Try deleting manually." -ForegroundColor White -BackgroundColor Red
+        $message = $_
+        Write-Warning $Error[0]
+        Write-Host "Unable to remove the application 'ms-identity-react-c2s1'. Error is $message. Try deleting manually." -ForegroundColor White -BackgroundColor Red
     }
 
     Write-Host "Making sure there are no more (ms-identity-react-c2s1) applications found, will remove if needed..."
-    $apps = Get-MgApplication -Filter "DisplayName eq 'ms-identity-react-c2s1'"
+    $apps = Get-MgApplication -Filter "DisplayName eq 'ms-identity-react-c2s1'" | Format-List Id, DisplayName, AppId, SignInAudience, PublisherDomain
 
     if ($apps)
     {
@@ -62,23 +86,67 @@ Function Cleanup
     # also remove service principals of this app
     try
     {
-        Get-MgServicePrincipal -filter "DisplayName eq 'ms-identity-react-c2s1'" | ForEach-Object {Remove-MgServicePrincipal -ApplicationId $_.Id -Confirm:$false}
+        Get-MgServicePrincipal -filter "DisplayName eq 'ms-identity-react-c2s1'" | ForEach-Object {Remove-MgServicePrincipal -ServicePrincipalId $_.Id -Confirm:$false}
     }
     catch
     {
-        Write-Host "Unable to remove ServicePrincipal 'ms-identity-react-c2s1' . Try deleting manually from Enterprise applications." -ForegroundColor White -BackgroundColor Red
+        $message = $_
+        Write-Warning $Error[0]
+        Write-Host "Unable to remove ServicePrincipal 'ms-identity-react-c2s1'. Error is $message. Try deleting manually from Enterprise applications." -ForegroundColor White -BackgroundColor Red
     }
 }
 
-if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Applications")) { 
-    Install-Module "Microsoft.Graph.Applications" -Scope CurrentUser                                            
-} 
+# Pre-requisites
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph")) {
+    Install-Module "Microsoft.Graph" -Scope CurrentUser 
+}
+
+#Import-Module Microsoft.Graph
+
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Authentication")) {
+    Install-Module "Microsoft.Graph.Authentication" -Scope CurrentUser 
+}
+
+Import-Module Microsoft.Graph.Authentication
+
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Identity.DirectoryManagement")) {
+    Install-Module "Microsoft.Graph.Identity.DirectoryManagement" -Scope CurrentUser 
+}
+
+Import-Module Microsoft.Graph.Identity.DirectoryManagement
+
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Applications")) {
+    Install-Module "Microsoft.Graph.Applications" -Scope CurrentUser 
+}
+
 Import-Module Microsoft.Graph.Applications
+
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Groups")) {
+    Install-Module "Microsoft.Graph.Groups" -Scope CurrentUser 
+}
+
+Import-Module Microsoft.Graph.Groups
+
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Users")) {
+    Install-Module "Microsoft.Graph.Users" -Scope CurrentUser 
+}
+
+Import-Module Microsoft.Graph.Users
+
 $ErrorActionPreference = "Stop"
 
 
-Cleanup -tenantId $tenantId -environment $azureEnvironmentName
+try
+{
+    Cleanup -tenantId $tenantId -environment $azureEnvironmentName
+}
+catch
+{
+    $_.Exception.ToString() | out-host
+    $message = $_
+    Write-Warning $Error[0]    
+    Write-Host "Unable to register apps. Error is $message." -ForegroundColor White -BackgroundColor Red
+}
 
 Write-Host "Disconnecting from tenant"
 Disconnect-MgGraph
-