MSCloudLoginAssistant icon indicating copy to clipboard operation
MSCloudLoginAssistant copied to clipboard

Published 20 hours ago verified publisher icon microsoft

No Automation support for MSCommerce Module

Open satyajit321 opened this issue 3 years ago • 7 comments

I have tried using token issued by my own app, but even if it has admin privileges it doesn't seem to be working. What are the plans to allow Certificate Based Authentication or AppID based Oauth logins. The PowerShell gallery has deploy to azure automation, but how will you manage the prompt. Basic auth isn't something we should be doing as we can see in the workarounds so far.

$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"

Is there a way we can directly query the graph endpoint, to get what we need.

$baseUri = "https://licensing.m365.microsoft.com" $restPath = "$baseUri/v1.0/policies"

Invoke-RestMethod : The remote server returned an error: (403) Forbidden. At line:33 char:16

  • $response = Invoke-RestMethod `
  •            ~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    • FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

References: https://www.powershellgallery.com/packages/MSCommerce/1.8 https://docs.microsoft.com/en-us/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins?view=o365-worldwide

New connection to MSCommerce · Issue #46 - GitHub Providing scripted credentials or PSSession ... - GitHub

satyajit321 avatar Aug 11 '22 05:08 satyajit321

Also keen to see this implemented. Following.

tasgray avatar Dec 29 '22 14:12 tasgray

It would be great if this is implemented. Following. Sep 2023 - still no update or implementation/alternatives on this. Yet Microsoft releases more SelfService purchase stuff.

v1ctormoreno avatar May 08 '23 08:05 v1ctormoreno

+1, automated connection is a standard requirement

billthenerd avatar Sep 21 '23 22:09 billthenerd

New Module is released 3 days ago, but not updates around automations or CBA support. Atleast provide the MS Graph steps and permission details published so that we can build our own.

satyajit321 avatar Sep 22 '23 04:09 satyajit321

It seems that Graph-support is not on the radar for the team - which is a shame when everything and the kitchen-sink is moving to Graph. Access to SelfPurchasePolicies is currently only possible via the MS SPN 'M365 License Manager' that supports delegated permissions but certainly not modern auth. It is possible to modify the Connect-MSCommerce-function to enable support for TenantId and Credential but I agree that this is not Modern Auth. Given that the required permissions are hidden by the MS app there's really nothing we 'outsiders' can do - except call for a change. I've posted a question but probably in the wrong place. https://github.com/MicrosoftDocs/microsoft-365-docs/issues/12880 If you know of a better place, please update this thread.

salbeck-sit avatar Sep 28 '23 12:09 salbeck-sit

I've put in a suggestion for the Graph-team, please upvote https://feedbackportal.microsoft.com/feedback/idea/72d03931-905e-ee11-a81c-0022484e5453

salbeck-sit avatar Sep 29 '23 06:09 salbeck-sit

An update: If you obtain an accesstoken using ie MSAL.PS you can provide that to the functions in MSCommerce that support the parameter -Token. I've created an experimental implementation in a PR and how someone more seasoned in this repo can guide me

salbeck-sit avatar Apr 29 '24 12:04 salbeck-sit