Updates for cloud agnostics deployment

Modules/MSCloudLoginAssistant/ConnectionProfile.ps1

@@ -169,48 +169,47 @@ class Workload : ICloneable
 
             Add-MSCloudLoginAssistantEvent "Set environment to {$($Script:CloudEnvironmentInfo.tenant_region_sub_scope)}" -Source $source
         }
-        if ($null -eq $this.Endpoints)
+
+        switch ($Script:CloudEnvironmentInfo.tenant_region_sub_scope)
         {
-            switch ($Script:CloudEnvironmentInfo.tenant_region_sub_scope)
+            'AzureGermanyCloud'
             {
-                'AzureGermanyCloud'
-                {
-                    $this.EnvironmentName = 'O365GermanyCloud'
-                }
-                'DOD'
-                {
-                    $this.EnvironmentName = 'AzureDOD'
-                }
-                'DODCON'
+                $this.EnvironmentName = 'O365GermanyCloud'
+            }
+            'DOD'
+            {
+                $this.EnvironmentName = 'AzureDOD'
+            }
+            'DODCON'
+            {
+                $this.EnvironmentName = 'AzureUSGovernment'
+            }
+            'USGov'
+            {
+                $this.EnvironmentName = 'AzureUSGovernment'
+            }
+            default
+            {
+                if ($null -ne $Script:CloudEnvironmentInfo -and $Script:CloudEnvironmentInfo.token_endpoint.StartsWith('https://login.partner.microsoftonline.cn'))
                 {
-                    $this.EnvironmentName = 'AzureUSGovernment'
+                    $this.EnvironmentName = 'AzureChinaCloud'
+
+                    # Converting tenant to GUID. This is a limitation of the PnP module which
+                    # can't recognize the tenant when FQDN is provided.
+                    $tenantGUIDValue = $Script:CloudEnvironmentInfo.token_endpoint.Split('/')[3]
+                    $this.TenantGUID = $tenantGUIDValue
                 }
-                'USGov'
+                elseif ($Global:CustomEnvironment)
                 {
-                    $this.EnvironmentName = 'AzureUSGovernment'
+                    $this.EnvironmentName = 'Custom'
                 }
-                default
+                else
                 {
-                    if ($null -ne $Script:CloudEnvironmentInfo -and $Script:CloudEnvironmentInfo.token_endpoint.StartsWith('https://login.partner.microsoftonline.cn'))
-                    {
-                        $this.EnvironmentName = 'AzureChinaCloud'
-
-                        # Converting tenant to GUID. This is a limitation of the PnP module which
-                        # can't recognize the tenant when FQDN is provided.
-                        $tenantGUIDValue = $Script:CloudEnvironmentInfo.token_endpoint.Split('/')[3]
-                        $this.TenantGUID = $tenantGUIDValue
-                    }
-                    else
-                    {
-                        $this.EnvironmentName = 'AzureCloud'
-                    }
+                    $this.EnvironmentName = 'AzureCloud'
                 }
             }
         }
-        else
-        {
-            $this.EnvironmentName = 'Custom'
-        }
+
         Add-MSCloudLoginAssistantEvent -Message "`$this.EnvironmentName was detected to be {$($this.EnvironmentName)}" -Source $source
         if ([System.String]::IsNullOrEmpty($this.EnvironmentName))
         {
@@ -298,8 +297,8 @@ class AdminAPI:Workload
             }
             'Custom'
             {
-                $this.Scope            = $this.Endpoints.Scope
-                $this.AuthorizationUrl = $this.Endpoints.AuthorizationUrl
+                $this.Scope            = $Global:CustomAdminApiScope
+                $this.AuthorizationUrl = $Global:CustomAdminApiAuthorizationUrl
             }
             default
             {
@@ -371,9 +370,9 @@ class AzureDevOPS:Workload
             }
             'Custom'
             {
-                $this.HostUrl          = $this.Endpoints.HostUrl
-                $this.Scope            = $this.Endpoints.Scope
-                $this.AuthorizationUrl = $this.Endpoints.AuthorizationUrl
+                $this.HostUrl          = $Global:CustomAzureDevopsHostUrl
+                $this.Scope            = $Global:CustomAzureDevopsScope
+                $this.AuthorizationUrl = $Global:CustomAzureDevopsAuthorizationUrl
             }
             default
             {
@@ -427,9 +426,9 @@ class DefenderForEndpoint:Workload
             }
             'Custom'
             {
-                $this.HostUrl          = $this.Endpoints.HostUrl
-                $this.Scope            = $this.Endpoints.Scope
-                $this.AuthorizationUrl = $this.Endpoints.AuthorizationUrl
+                $this.HostUrl          = $Global:CustomDefenderForEndpointHostUrl
+                $this.Scope            = $Global:CustomDefenderForEndpointScope
+                $this.AuthorizationUrl = $Global:CustomDefenderForEndpointAuthorizationUrl
             }
             default
             {
@@ -484,9 +483,9 @@ class EngageHub:Workload
             }
             'Custom'
             {
-                $this.Scope            = $this.Endpoints.Scope
-                $this.AuthorizationUrl = $this.Endpoints.AuthorizationUrl
-                $this.APIUrl           = $this.Endpoints.APIUrl
+                $this.Scope            = $Global:CustomEngageHubScope
+                $this.AuthorizationUrl = $Global:CustomEngageHubAuthorizationUrl
+                $this.APIUrl           = $Global:CustomEngageHubAPIUrl
             }
             default
             {
@@ -556,8 +555,8 @@ class ExchangeOnline:Workload
             }
             'Custom'
             {
-                $this.ConnectionUri                   = $this.Endpoints.ConnectionUri
-                $this.AzureADAuthorizationEndpointUri = $this.Endpoints.AzureADAuthorizationEndpointUri
+                $this.ConnectionUri                   = $Global:CustomEXOConnectionUri
+                $this.AzureADAuthorizationEndpointUri = $Global:CustomEXOAzureADAuthorizationEndpointUri
             }
         }
         $Script:MSCloudLoginConnectionProfile.ExchangeOnline = $this
@@ -613,9 +612,9 @@ class Fabric:Workload
             }
             'Custom'
             {
-                $this.HostUrl          = $this.Endpoints.HostUrl
-                $this.Scope            = $this.Endpoints.Scope
-                $this.AuthorizationUrl = $this.Endpoints.AuthorizationUrl
+                $this.HostUrl          = $Global:CustomFabricHostUrl
+                $this.Scope            = $Global:CustomFabricScope
+                $this.AuthorizationUrl = $Global:CustomFabricAuthorizationUrl
             }
             default
             {
@@ -667,9 +666,9 @@ class Licensing:Workload
             }
             'Custom'
             {
-                $this.HostUrl          = $this.Endpoints.HostUrl
-                $this.Scope            = $this.Endpoints.Scope
-                $this.AuthorizationUrl = $this.Endpoints.AuthorizationUrl
+                $this.HostUrl          = $Global:CustomLicensingHostUrl
+                $this.Scope            = $Global:CustomLicensingScope
+                $this.AuthorizationUrl = $Global:CustomLicensingAuthorizationUrl
             }
             default
             {
@@ -749,9 +748,9 @@ class MicrosoftGraph:Workload
             'Custom'
             {
                 $this.GraphEnvironment = 'Custom'
-                $this.ResourceUrl      = $this.Endpoints.ResourceUrl
-                $this.Scope            = $this.Endpoints.Scope
-                $this.TokenUrl         = $this.Endpoints.TokenUrl
+                $this.ResourceUrl      = $Global:CustomGraphResourceUrl
+                $this.Scope            = $Global:CustomGraphScope
+                $this.TokenUrl         = "$($Global:CustomGraphTokenUrl)/$($this.TenantId)/oauth2/v2.0/token"
             }
         }
         $Script:MSCloudLoginConnectionProfile.MicrosoftGraph = $this
@@ -806,8 +805,8 @@ class PnP:Workload
         if ($null -ne $this.Endpoints)
         {
             $this.PnPAzureEnvironment = 'Custom'
-            $this.Scope               = $this.Endpoints.Scope
-            $this.TokenUrl            = $this.Endpoints.TokenUrl
+            $this.Scope               = $Global:CustomPnPScope
+            $this.TokenUrl            = "$($Global:CustomPnPTokenUrl)/$($this.TenantId)/oauth2/v2.0/token"
         }
         elseif ($this.EnvironmentName -eq 'AzureCloud')
         {
@@ -929,11 +928,11 @@ class PowerPlatformREST:Workload
             }
             'Custom'
             {
-                $this.Scope            = $this.Endpoints.Scope
-                $this.AuthorizationUrl = $this.Endpoints.AuthorizationUrl
-                $this.Audience         = $this.Endpoints.Audience
-                $this.ClientId         = $this.Endpoints.ClientId
-                $this.BapEndpoint      = $this.Endpoints.BapEndpoint
+                $this.Scope            = $Global:CustomPowerPlatformRESTScope
+                $this.AuthorizationUrl = $Global:CustomPowerPlatformRESTAuthorizationUrl
+                $this.Audience         = $Global:CustomPowerPlatformRESTAudience
+                $this.ClientId         = $Global:CustomPowerPlatformRESTClientId
+                $this.BapEndpoint      = $Global:CustomPowerPlatformRESTBapEndpoint
             }
             default
             {
@@ -1002,9 +1001,9 @@ class SecurityComplianceCenter:Workload
             }
             'Custom'
             {
-                $this.ConnectionUrl                   = $this.Endpoints.ConnectionUrl
-                $this.AuthorizationUrl                = $this.Endpoints.AuthorizationUrl
-                $this.AzureADAuthorizationEndpointUri = $this.Endpoints.AzureADAuthorizationEndpointUri
+                $this.ConnectionUrl                   = $Global:CustomSCCConnectionUrl
+                $this.AuthorizationUrl                = $Global:CustomSCCAuthorizationUrl
+                $this.AzureADAuthorizationEndpointUri = $Global:CustomSCCAzureADAuthorizationEndpointUri
             }
         }
         $Script:MSCloudLoginConnectionProfile.SecurityComplianceCenter = $this
@@ -1076,6 +1075,15 @@ class SharePointOnlineREST:Workload
                 }
                 $Script:MSCloudLoginConnectionProfile.SharePointOnlineREST.ConnectionUrl = ("https://$domain").Replace('-admin', '')
             }
+            elseif ($Script:MSCloudLoginConnectionProfile.SharePointOnlineREST.TenantId.Contains('.onms.'))
+            {
+                $domain = $Script:MSCloudLoginConnectionProfile.SharePointOnlineREST.TenantId.Replace('.onms.', '-admin.sharepoint.')
+                if (-not $Script:MSCloudLoginConnectionProfile.SharePointOnlineREST.AdminUrl)
+                {
+                    $Script:MSCloudLoginConnectionProfile.SharePointOnlineREST.AdminUrl = "https://$domain"
+                }
+                $Script:MSCloudLoginConnectionProfile.SharePointOnlineREST.ConnectionUrl = ("https://$domain").Replace('-admin', '')
+            }
             else
             {
                 throw 'TenantId must be in format contoso.onmicrosoft.com'
@@ -1098,9 +1106,9 @@ class SharePointOnlineREST:Workload
             }
             'Custom'
             {
-                $this.HostUrl          = $this.Endpoints.HostUrl
-                $this.Scope            = $this.Endpoints.Scope
-                $this.AuthorizationUrl = $this.Endpoints.AuthorizationUrl
+                $this.HostUrl          = $Global:CustomSharePointOnlineREST.HostUrl
+                $this.Scope            = "$($Global:CustomSharePointOnlineREST.HostUrl)/.default"
+                $this.AuthorizationUrl = $Global:CustomSharePointOnlineREST.AuthorizationUrl
             }
             default
             {
@@ -1156,10 +1164,10 @@ class Tasks:Workload
             }
             'Custom'
             {
-                $this.HostUrl          = $this.Endpoints.HostUrl
-                $this.Scope            = $this.Endpoints.Scope
-                $this.AuthorizationUrl = $this.Endpoints.AuthorizationUrl
-                $this.ResourceUrl      = $this.Endpoints.ResourceUrl
+                $this.HostUrl          = $Global:CustomTasks.HostUrl
+                $this.Scope            = $Global:CustomTasks.Scope
+                $this.AuthorizationUrl = $Global:CustomTasks.AuthorizationUrl
+                $this.ResourceUrl      = $Global:CustomTasks.ResourceUrl
             }
             default
             {
@@ -1196,9 +1204,10 @@ class Teams:Workload
         {
             "Custom"
             {
-                $this.TokenUrl   = $this.Endpoints.TokenUrl
-                $this.GraphScope = $this.Endpoints.GraphScope
-                $this.TeamsScope = $this.Endpoints.TeamsScope
+                $this.TokenUrl   = "$($Global:CustomTeamsTokenUrl)/$($this.TenantId)/oauth2/v2.0/token"
+                $this.GraphScope = $Global:CustomGraphScope
+                $this.TeamsScope = $Global:CustomTeamsScope
+                $this.Endpoints = $Global:CustomTeamsEndpoints
             }
         }
         $Script:MSCloudLoginConnectionProfile.Teams = $this

Modules/MSCloudLoginAssistant/CustomEnvironment.ps1

@@ -0,0 +1,67 @@
+#IMPORTANT!  If you are using this module for a custom environment, ensure you keep a copy in a secure location.  Installation of a newer version of MSCLoudLoginAssistant will overwrite this file.  After installation of the newest version, restire your backup file to this location.
+
+# If you are running DSC in a custom environment without access to WW resources, set this value to $true, otherwise leave it set to $false.
+$Global:CustomEnvironment = $false
+
+# If you are running DSC in a custom environment without access to WW resources, edit the endpoints below to match your environment's values.
+
+$Global:CustomGraphResourceUrl = "https://graph.microsoft.com/"
+$Global:CustomGraphScope = "https://graph.microsoft.com/.default"
+$Global:CustomGraphTokenUrl = "https://login.microsoftonline.com/"
+
+
+$Global:CustomEXOConnectionUri = "https://outlook.prod.microsoft.com/powersehll-liveid/"
+$Global:CustomEXOAzureADAuthorizationEndpointUri = "https://login.microsoftonline.us/common"
+
+$Global:CustomAdminApiScope = "6a8b4b39-c021-437c-b060-5a14a3fd65f3/.default"
+$Global:CustomAdminApiAuthorizationUrl = "https://login.microsoftonline.com"
+
+$Global:CustomAzureDevopsHostUrl = "https://dev.azure.com"
+$Global:CustomAzureDevopsScope = "499b84ac-1321-427f-aa17-267ca6975798/.default"
+$Global:CustomAzureDevopsAuthorizationUrl = "https://login.microsoftonline.com"
+
+$Global:CustomDefenderForEndpointHostUrl = "https://api.security.microsoft.com"
+$Global:CustomDefenderForEndpointScope = "https://api.securitycenter.microsoft.com/.default"
+$Global:CustomDefenderForEndpointAuthorizationUrl = "https://login.microsoftonline.com"
+
+$Global:CustomEngageHubScope = "https://engagehub.microsoft.com/.default"
+$Global:CustomEngageHubAuthorizationUrl = "https://login.microsoftonline.com"
+$Global:CustomEngageHubAPIUrl = "https://api.dev.engagecenter.microsoft.com"
+
+$Global:CustomFabricHostUrl = "https://api.fabric.microsoft.com"
+$Global:CustomFabricScope = "https://api.fabric.microsoft.com/.default"
+$Global:CustomFabricAuthorizationUrl = "https://login.microsoftonline.com"
+
+$Global:CustomLicensingHostUrl = "https://licensing.m365.microsoft.com"
+$Global:CustomLicensingScope = "aeb86249-8ea3-49e2-900b-54cc8e308f85/.default"
+$Global:CustomLicensingAuthorizationUrl = "https://login.microsoftonline.com"
+
+$Global:CustomPnPScope = "https://prod.sharepoint.microsoft.com/.default"
+$Global:CustomPnPTokenUrl = "https://login.microsoftonline.com/"
+
+$Global:CustomPowerPlatformRESTScope = "6a8b4b39-c021-437c-b060-5a14a3fd65f3/.default"
+$Global:CustomPowerPlatformRESTAuthorizationUrl = "https://login.microsoftonline.com"
+$Global:CustomPowerPlatformRESTAudience = "https://service.powerapps.com/"
+$Global:CustomPowerPlatformRESTClientId = "1950a258-227b-4e31-a9cf-717495945fc2"
+$Global:CustomPowerPlatformRESTBapEndpoint = "api.bap.microsoft.com"
+
+$Global:CustomSCCConnectionUrl = "https://ps.compliance.microsoft.com/powershell-liveid/"
+$Global:CustomSCCAuthorizationUrl = "https://login.microsoftonline.com/organiations"
+$Global:CustomSCCAzureADAuthorizationEndpointUri = "https://login.microsoftonline.com/common"
+
+$Global:CustomTeamsTokenUrl = "https://login.microsoftonline.com/"
+$Global:CustomTeamsScope = "https://api.interfaces.microsoft.com/.default"
+$Global:CustomTeamsEndpoints = @{
+    ActiveDirectory = "https://login.microsoftonline.com"
+    MsGraphEndpointResourceId = "https://graph.microsoft.com/"
+    TeamsConfigApiEndpoint = "https://api.interfaces.records.teams.microsoft.com"
+}
+
+
+$Global:CustomSharePointOnlineREST.HostUrl = "https://customdomain-admin.sharepoint.com"
+$Global:CustomSharePointOnlineREST.AuthorizationUrl = "https://login.microsoftonline.com"
+
+$Global:CustomTasks.HostUrl          = "https://tasks.office.com"
+$Global:CustomTask.Scope            = "https://tasks.office.com/.default"
+$Global:CustomTask.AuthorizationUrl = "https://login.microsoftonline.com"
+$Global:CustomTask.ResourceUrl      = "https://tasks.office.com"

Modules/MSCloudLoginAssistant/MSCloudLoginAssistant.psm1

@@ -1,6 +1,7 @@
 $Script:WriteToEventLog = $env:MSCLOUDLOGINASSISTANT_WRITETOEVENTLOG -eq 'true'
 
 . "$PSScriptRoot\ConnectionProfile.ps1"
+. "$PSScriptRoot\CustomEnvironment.ps1"
 $privateModules = Get-ChildItem -Path "$PSScriptRoot\Workloads" -Filter '*.ps1' -Recurse
 foreach ($module in $privateModules)
 {
@@ -440,7 +441,7 @@ function Reset-MSCloudLoginConnectionProfileContext
         $Workload = $Script:MSCloudLoginConnectionProfile.PSObject.Properties.Name | Where-Object { $_ -notin @('CreatedTime', 'OrganizationName') }
         $fullReset = $true
     }
-    
+
     $source = 'Reset-MSCloudLoginConnectionProfileContext'
     Add-MSCloudLoginAssistantEvent -Message 'Resetting connection profile' -Source $source
     foreach ($workloadToReset in $Workload)

Modules/MSCloudLoginAssistant/Workloads/ExchangeOnline.ps1

@@ -116,18 +116,18 @@ function Connect-MSCloudLoginExchangeOnline
                     -CertificateThumbprint $Script:MSCloudLoginConnectionProfile.ExchangeOnline.CertificateThumbprint
             }
 
-            if ($null -ne $Script:MSCloudLoginConnectionProfile.ExchangeOnline.Endpoints -and `
-                $null -ne $Script:MSCloudLoginConnectionProfile.ExchangeOnline.Endpoints.ConnectionUri -and `
-                $null -ne $Script:MSCloudLoginConnectionProfile.ExchangeOnline.Endpoints.AzureADAuthorizationEndpointUri)
+            if (($null -ne $Script:MSCloudLoginConnectionProfile.ExchangeOnline.EndPoints -or $Global:CustomEnvironment) -and `
+                $null -ne $Script:MSCloudLoginConnectionProfile.ExchangeOnline.ConnectionUri -and `
+                $null -ne $Script:MSCloudLoginConnectionProfile.ExchangeOnline.AzureADAuthorizationEndpointUri)
             {
                 Add-MSCloudLoginAssistantEvent -Message 'Connecting by endpoints URI' -Source $source
                 Connect-ExchangeOnline -AppId $Script:MSCloudLoginConnectionProfile.ExchangeOnline.ApplicationId `
                     -Organization $Script:MSCloudLoginConnectionProfile.OrganizationName `
                     -CertificateThumbprint $Script:MSCloudLoginConnectionProfile.ExchangeOnline.CertificateThumbprint `
                     -ShowBanner:$false `
                     -ShowProgress:$false `
-                    -ConnectionUri $Script:MSCloudLoginConnectionProfile.ExchangeOnline.Endpoints.ConnectionUri `
-                    -AzureADAuthorizationEndpointUri $Script:MSCloudLoginConnectionProfile.ExchangeOnline.Endpoints.AzureADAuthorizationEndpointUri `
+                    -ConnectionUri $Script:MSCloudLoginConnectionProfile.ExchangeOnline.ConnectionUri `
+                    -AzureADAuthorizationEndpointUri $Script:MSCloudLoginConnectionProfile.ExchangeOnline.AzureADAuthorizationEndpointUri `
                     -Verbose:$false `
                     -SkipLoadingCmdletHelp `
                     @CommandName | Out-Null