Connect-PnPOnline Azure Environment Discovery from URI Support

[BernieEllis]

Is your feature request related to a problem? Please describe.
Yes, I'm trying to use PnP PowerShell in a Microsoft national cloud other than Azure Government/GCC High/DoD. The issue is that the Azure environments PnP is designed to work with are limited, therefore I have no way of instructing which Azure AD, Microsoft Graph, and other endpoints it should use to connect to.

Describe the solution you'd like
Continue allowing customers to specify environments like GCC, GCC High, and DoD but also allow Connect-PnPOnline to connect via the discovery pattern shown above, allowing customers in additional Microsoft cloud environments beyond what's currently in src/sdk/PnP.Core/Services/Core/CloudManager.cs to leverage the PnPPowerShell platform for management and automation.

Connect-PnPOnline, could do one of two things:

Honor the environments discovered by Add-AzEnvironment.
Add a new PnPOnline cmdlet to prepare the environment to pass to Connect-PnPOnline
For the second, thinking something like:

Add-PnPOnlineEnvironment -FromUrl https://management.azure.com/metadata/endpoints?api-version=2020-06-01
Connect-PnPOnline -Environment DiscoveredAzureEnvironment

Additional cmdlets, specifically Register-PnPManagementShellAccess and Register-PnPAzureADApp should pick up support from the additional environment support.

Describe alternatives you've considered
We are currently exploring using Microsoft Graph as an alternative, but there are two issues:

1. We are not yet able to use Connect-MgGraph in this other national cloud.
2. I'm not sure yet if we have a 100% mapping from PnP PowerShell cmdlets to Microsoft Graph cmdlets we intend to use. In particular, not sure if these cmdlets have Microsoft Graph PowerShell equivalents despite reviewing the documentation:

• Register-PnPHubSite
• Unregister-PnpHubsite
• Add-PnPSiteCollectionAppCatalog
• Remove-PnPSiteCollectionAppCatalog
• Add-PnPHubToHubAssociation
• Get-PnPHubSite
• Add-PnPSiteCollectionAdmin

Additional context
Microsoft has additional Azure/O365 cloud environments beyond GCC High and DoD. For this reason, Microsoft has added environment discovery capability to Azure PowerShell via Discovering a new Azure environment via Uri using the Add-AzEnvironment cmdlet I can discover an environment via URL to retrieve the appropriate Graph, Azure AD, etc. endpoints for making calls, which is then used to specify as the environment when connecting with Connect-AzAccount.

Connect-PnPOnline, should allow customers to use PnPPowerShell ideally in the same manner:

Add-AzEnvironment -Autodiscover -Url https://management.azure.com/metadata/endpoints?api-version=2020-06-01 (What's returned will be different endpoints for each environment)
Connect-AzEnvironment -Environment DiscoveredAzureEnvX

[BernieEllis]

PowerShell team, after making a similar request to PnPCore @jansenbe made the following commit last week: pnp/pnpcore@e818ffc.

It's different from what we suggested but looks to address the issue. Can the PowerShell team help adopt this same model if agreed or give thoughts on the discover from Uri pattern?

Thanks,
Bernarldo

[KoenZomers]

I guess we could do a similar thing like Bert did, but it will cost quite some hours to implement and test. Since this is a request from longer ago, are you still in need of this or have you found another way? In other words: is this still needed?

[BernieEllis]

Hi Koen, thanks for the reply. Yes this is very much still needed. What are you thinking in terms of hours? Can I test on for you? Thanks, Bernarldo

…

________________________________ From: Koen Zomers ***@***.***> Sent: Sunday, January 22, 2023 4:58 PM To: pnp/powershell ***@***.***> Cc: Bernarldo Ellis ***@***.***>; Author ***@***.***> Subject: Re: [pnp/powershell] Connect-PnPOnline Azure Environment Discovery from URI Support (Issue #2533) I guess we could do a similar thing like Bert did, but it will cost quite some hours to implement and test. Since this is a request from longer ago, are you still in need of this or have you found another way? In other words: is this still needed? — Reply to this email directly, view it on GitHub<#2533 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AHR4BCV7OIM6XTNBRB6JWGTWTWUP5ANCNFSM6AAAAAARZINVT4>. You are receiving this because you authored the thread.Message ID: ***@***.***>

[gautamdsheth]

Hi @BernieEllis , finally managed to get it working.

It will now work starting with tomorrow's nightly build and the next major version whenever we release it. Will have to specify MicrosoftGraphEndpoint and AzureADLoginEndpoint parameters if you want it working.