33# Licensed under the MIT License. See License in the project root for license information.
44# ------------------------------------------------------------------------------
55function Set-EntraAppRoleToApplicationUser {
6- [CmdletBinding (DefaultParameterSetName = ' Default' )]
6+ [CmdletBinding (SupportsShouldProcess = $true , DefaultParameterSetName = ' Default' )]
77 param (
88 [Parameter (Mandatory = $true ,
99 HelpMessage = " Specify the data source type: 'DatabaseorDirectory', 'SAPCloudIdentity', or 'Generic' which determines the column attribute mapping." ,
@@ -94,7 +94,9 @@ function Set-EntraAppRoleToApplicationUser {
9494 MailNickName = $MailNickname
9595 }
9696
97- $newUser = New-EntraUser @userParams
97+ if ($PSCmdlet.ShouldProcess (" User '$UserPrincipalName '" , " Create" )) {
98+ $newUser = New-EntraUser @userParams
99+ }
98100 Write-ColoredVerbose - Message " Created new user: $UserPrincipalName " - Color " Green"
99101
100102 return [PSCustomObject ]@ {
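Review bot: The `Write-ColoredVerbose "Created new user: ..."` call and the `return [PSCustomObject]@{` after the new `if` still run when `ShouldProcess` returns false, so under `-WhatIf` or a declined confirmation the function logs a creation that never happened and presumably builds its result from an unset `$newUser`. In an identity-provisioning script that log is what an operator relies on to know which accounts exist, so it belongs inside the guard, or the guard should exit early: `if (-not $PSCmdlet.ShouldProcess("User '$UserPrincipalName'", "Create")) { return }`. The same pattern appears in the hunks that wrap `New-EntraApplication`, both `New-EntraServicePrincipal` calls, `New-EntraServicePrincipalAppRoleAssignment` and `Update-MgApplication`. The enclosing block starts and ends outside this hunk, so whether `$newUser` can carry a value over from an earlier call is not visible here.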
@@ -129,7 +131,10 @@ function Set-EntraAppRoleToApplicationUser {
129131 }
130132 }
131133
132- $newApp = New-EntraApplication @appParams
134+ if ($PSCmdlet.ShouldProcess (" Application '$DisplayName '" , " Create" )) {
135+ $newApp = New-EntraApplication @appParams
136+ }
137+
133138 Write-ColoredVerbose " Created new application: $DisplayName "
134139
135140 # Create service principal for the application
@@ -138,7 +143,11 @@ function Set-EntraAppRoleToApplicationUser {
138143 DisplayName = $DisplayName
139144 }
140145
141- $newSp = New-EntraServicePrincipal @spParams
146+
147+
148+ if ($PSCmdlet.ShouldProcess (" Service principal '$DisplayName '" , " Create" )) {
149+ $newSp = New-EntraServicePrincipal @spParams
150+ }
142151 Write-ColoredVerbose " Created new service principal for application: $DisplayName "
143152
144153 [PSCustomObject ]@ {
@@ -161,7 +170,9 @@ function Set-EntraAppRoleToApplicationUser {
161170 DisplayName = $DisplayName
162171 }
163172
164- $newSp = New-EntraServicePrincipal @spParams
173+ if ($PSCmdlet.ShouldProcess (" Service principal '$DisplayName '" , " Create" )) {
174+ $newSp = New-EntraServicePrincipal @spParams
175+ }
165176 Write-ColoredVerbose " Created new service principal for existing application: $DisplayName "
166177 }
167178 else {
@@ -216,7 +227,10 @@ function Set-EntraAppRoleToApplicationUser {
216227 }
217228
218229 # Create new assignment
219- $newAssignment = New-EntraServicePrincipalAppRoleAssignment - ServicePrincipalId $servicePrincipalObject.Id - ResourceId $servicePrincipalObject.Id - Id $appRoleId - PrincipalId $UserId
230+ if ($PSCmdlet.ShouldProcess (" Service Principal App Role assignment: AppRole - '$appRoleId ' | UserId - '$UserId ' | Service Principal - '$servicePrincipalObject .Id'" , " Create" )) {
231+ $newAssignment = New-EntraServicePrincipalAppRoleAssignment - ServicePrincipalId $servicePrincipalObject.Id - ResourceId $servicePrincipalObject.Id - Id $appRoleId - PrincipalId $UserId
232+ }
233+
220234 Write-ColoredVerbose " Created new role assignment for user '$UserId ' - AppName: '$ApplicationName ' with role '$RoleDisplayName '" - Color " Green"
221235
222236 return [PSCustomObject ]@ {
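Review bot: The `ShouldProcess` target string appears to embed `$servicePrincipalObject.Id` directly in a double-quoted string, where PowerShell expands only `$servicePrincipalObject` and leaves `.Id` as literal text. The confirmation prompt for an app-role grant would then not show the service principal's id, which is the detail an operator needs in order to approve or refuse it. Wrap the property access in a subexpression: `Service Principal - '$($servicePrincipalObject.Id)'`. The rendered page inserts stray spaces around tokens, so check the exact spelling against the file.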
@@ -282,6 +296,7 @@ function Set-EntraAppRoleToApplicationUser {
282296 # Add to the typed list
283297 $appRolesList.Add ($appRole )
284298 [void ]$createdRoles.Add ($appRole )
299+
285300 Write-ColoredVerbose " Created new role definition for '$roleName '" - Color " Green"
286301 }
287302
@@ -293,7 +308,10 @@ function Set-EntraAppRoleToApplicationUser {
293308 Tags = @ (" WindowsAzureActiveDirectoryIntegratedApp" )
294309 }
295310
296- Update-MgApplication @params
311+
312+ if ($PSCmdlet.ShouldProcess (" Update application '$DisplayName ' with AppRole list - '$appRolesList '" , " Update" )) {
313+ Update-MgApplication @params
314+ }
297315 Write-ColoredVerbose " Updated application with $ ( $createdRoles.Count ) new roles" - Color " Green"
298316
299317 return $createdRoles | ForEach-Object {
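Review bot: The `ShouldProcess` target for `Update-MgApplication` interpolates `$appRolesList`, which is a collection of role objects (see the `$appRolesList.Add($appRole)` call earlier on the page). It will most likely render as repeated type names rather than role names. The target text also repeats the action, as it begins with "Update application" while the action argument is "Update". A prompt such as `$PSCmdlet.ShouldProcess("Application '$DisplayName'", "Add $($createdRoles.Count) app role(s)")` tells the operator what is about to change. The function body continues outside this hunk.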