Minor edits

Author: kalyankrishna1

5-AccessControl/2-call-api-groups/AppCreationScripts/BulkCreateGroups.ps1

@@ -1,3 +1,4 @@
+
 [CmdletBinding()]
 param(
  [PSCredential] $Credential,
@@ -7,47 +8,49 @@ param(
  [string] $azureEnvironmentName
 )
 
-$ErrorActionPreference = "Stop"
 <#.Description
- This function generates groups names
+ This function generates groups names.
 #> 
-Function GetGroupName([int] $val) {
+Function GetGroupName([int] $val) 
+{
 
- if ($val -lt 10) {
+ if ($val -lt 10) 
+ {
  $groupName = "Test Group 00" + $val;
  }
- elseif ($val -lt 100) { 
+ elseif ($val -lt 100) 
+ { 
  $groupName = "Test Group 0" + $val;
  }
- else {
+ else 
+ {
  $groupName = "Test Group " + $val;
  }
 
  return $groupName;
+
 }
 
 <#.Description
- This function creates security groups and assigns the user to the security groups
-#>
+ This function creates security groups and assigns the user to the security groups.
+#> 
 Function CreateGroupsAndAssignUser($user) 
 {
  $val = 1;
- 
- while ($val -ne 223) 
- {
+ while ($val -ne 223) 
+ {
  $groupName = GetGroupName -val $val
  $group = Get-MgGroup -Filter "DisplayName eq '$groupName'"
  $groupNameLower = $groupName.ToLower();
  $nickName = $groupNameLower.replace(' ','');
-
  if ($group) 
  {
  Write-Host "Group $($group.DisplayName) already exists"
  }
  else
  {
  $newsg = New-MgGroup -DisplayName $groupName -MailEnabled:$False -MailNickName $nickName -SecurityEnabled
- Write-Host "Successfully created group '$($newsg.DisplayName)'"  
+ Write-Host "Successfully created group '$($newsg.DisplayName)'" 
  $userId = $user.Id
  $params = @{
  "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/{$userId}"
@@ -59,7 +62,6 @@ Function CreateGroupsAndAssignUser($user)
 
  $val += 1;
  }
-
 }
 
 <#.Description
@@ -69,51 +71,60 @@ Function CreateGroupsAndAssignUser($user)
 Function ConfigureApplications 
 {
 
- if (!$azureEnvironmentName) {
+ if (!$azureEnvironmentName) 
+ {
  $azureEnvironmentName = "Global"
  }
 
  Write-Host "Connecting to Microsoft Graph"
- if ($tenantId -eq "") {
+
+ if ($tenantId -eq "") 
+ {
  Connect-MgGraph -Scopes "User.Read.All Group.ReadWrite.All GroupMember.ReadWrite.All" -Environment $azureEnvironmentName
  $tenantId = (Get-MgContext).TenantId
  }
- else {
+ else 
+ {
  Connect-MgGraph -TenantId $tenantId -Scopes "User.Read.All Group.ReadWrite.All GroupMember.ReadWrite.All" -Environment $azureEnvironmentName
  }
 
  # Add user object Id here
- $usersobjectId = Read-Host -Prompt "Enter the object Id (from Azure portal) of the user who will assigned to these security groups: "
-
- $user = Get-MgUser -UserId $usersobjectId 
+ $usersobjectId = Read-Host -Prompt "Enter the object Id (from Azure portal) of the user who will assigned to these security groups"
+ 
+ $user = Get-MgUser -UserId $usersobjectId
 
  Write-Host 'Found user -' 
  $user | Format-List ID, DisplayName, Mail, UserPrincipalName
 
  CreateGroupsAndAssignUser -user $user
 }
 
-if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Authentication")) {
- Install-Module "Microsoft.Graph.Authentication" -Scope CurrentUser
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Authentication")) 
+{
+ Install-Module "Microsoft.Graph.Authentication" -Scope CurrentUser 
  Write-Host "Installed Microsoft.Graph.Authentication module. If you are having issues, please create a new PowerShell session and try again."
 }
 
 Import-Module Microsoft.Graph.Authentication
 
-if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Groups")) {
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Groups")) 
+{
  Install-Module "Microsoft.Graph.Groups" -Scope CurrentUser
  Write-Host "Installed Microsoft.Graph.Groups module. If you are having issues, please create a new PowerShell session and try again."
 }
 
 Import-Module Microsoft.Graph.Groups
 
-if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Users")) {
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Users")) 
+{
  Install-Module "Microsoft.Graph.Users" -Scope CurrentUser
  Write-Host "Installed Microsoft.Graph.Users module. If you are having issues, please create a new PowerShell session and try again."
 }
 
 Import-Module Microsoft.Graph.Users
 
+$ErrorActionPreference = "Stop"
+
 try 
 {
  ConfigureApplications -tenantId $tenantId -environment $azureEnvironmentName

5-AccessControl/2-call-api-groups/AppCreationScripts/BulkRemoveGroups.ps1

@@ -1,3 +1,4 @@
+
 [CmdletBinding()]
 param(
  [PSCredential] $Credential,
@@ -8,18 +9,21 @@ param(
 )
 
 <#.Description
- This function generates groups names
+ This function generates groups names.
 #> 
-Function GetGroupName([int] $val) {
+Function GetGroupName([int] $val) 
+{
 
  if ($val -lt 10) 
  {
  $groupName = "Test Group 00" + $val;
  }
- elseif ($val -lt 100) { 
+ elseif ($val -lt 100) 
+ { 
  $groupName = "Test Group 0" + $val;
  }
- else {
+ else 
+ {
  $groupName = "Test Group " + $val;
  }
 
@@ -28,40 +32,43 @@ Function GetGroupName([int] $val) {
 }
 
 <#.Description
- This function removes security groups from tenant
-#>
-Function RemoveGroups {
+ This function removes security groups from tenant
+#> 
+Function RemoveGroups
+{
  $val = 1;
- while ($val -ne 223) {
+ while ($val -ne 223) 
+ {
 
  $groupName = GetGroupName -val $val
 
  $group = Get-MgGroup -Filter "DisplayName eq '$groupName'"
-
  if ($group) 
  {
  Remove-MgGroup -GroupId $group.Id
- Write-Host "Successfully deleted $($group.DisplayName)"
+ Write-Host "Successfully deleted '$($group.DisplayName)'"
  }
  else 
  {
  Write-Host "Couldn't find group $($groupName) with ID: $($group.Id)"
- }
- 
+ } 
 
  $val += 1;
  }
 }
-<#.Description
- This function signs in the user to the tenant using Graph SDK 
-#> 
-Function ConfigureApplications {
 
- if (!$azureEnvironmentName) {
+<#.Description
+ This function signs in the user to the tenant using Graph SDK.
+#>
+Function ConfigureApplications 
+{
+ if (!$azureEnvironmentName) 
+ {
  $azureEnvironmentName = "Global"
  }
 
  Write-Host "Connecting to Microsoft Graph"
+
  if ($tenantId -eq "") 
  {
  Connect-MgGraph -Scopes "Group.ReadWrite.All" -Environment $azureEnvironmentName
@@ -72,16 +79,18 @@ Function ConfigureApplications {
  Connect-MgGraph -TenantId $tenantId -Scopes "Group.ReadWrite.All" -Environment $azureEnvironmentName
  }
 
- RemoveGroups 
+ # now remove groups
+ RemoveGroups
+
 }
 
 $ErrorActionPreference = "Stop"
 
 if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Authentication")) 
 {
- Install-Module "Microsoft.Graph.Authentication" -Scope CurrentUser
- Write-Host "Installed Microsoft.Graph.Authentication module. If you are having issues, please create a new PowerShell session and try again."
+ Install-Module "Microsoft.Graph.Authentication" -Scope CurrentUser 
 }
+
 Import-Module Microsoft.Graph.Authentication
 
 if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Groups")) 
@@ -98,7 +107,6 @@ if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Users"))
 
 Import-Module Microsoft.Graph.Users
 
-
 try 
 {
  ConfigureApplications -tenantId $tenantId -environment $azureEnvironmentName

5-AccessControl/2-call-api-groups/AppCreationScripts/Configure.ps1

@@ -485,8 +485,8 @@ Function ConfigureApplications
  Write-Host "IMPORTANT: Please follow the instructions below to complete a few manual step(s) in the Azure portal":
  Write-Host "- For client"
  Write-Host " - Navigate to $clientPortalUrl"
- Write-Host " - This script has created a group named 'GroupAdmin' for you. On Azure portal, navigate to Azure AD > Groups blade and assign some users to it." -ForegroundColor Red 
- Write-Host " - This script has created a group named 'GroupMember' for you. On Azure portal, navigate to Azure AD > Groups blade and assign some users to it." -ForegroundColor Red 
+ Write-Host " - This script has created a group named 'GroupAdmin' and 'GroupMember' for you. On Azure portal, navigate to Azure AD > Groups blade and assign some users to it." -ForegroundColor Red 
+ Write-Host " - To support overage scenario, remember to provide admin consent for GroupMember.Read.All permission in the portal." -ForegroundColor Red 
  Write-Host " - Security groups matching the names you provided have been created in this tenant (if not present already). On Azure portal, assign some users to it, and configure ID & Access tokens to emit Group IDs" -ForegroundColor Red 
  Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
 

5-AccessControl/2-call-api-groups/README.md

@@ -1,10 +1,8 @@
 ---
 page_type: sample
-services: ms-identity
-client: Angular SPA
-service: .NET Core web API
-level: 300
-languages:
+name: Angular single-page application calling a protected ASP.NET Core web API and using Security Groups to implement Role-Based Access Control
+description: An Angular single-page application calling a protected AspNet web API and using Security Groups to implement Role-Based Access Control (RBAC)
+- languages:
 - typescript
 - csharp
 - javascript
@@ -14,11 +12,14 @@ products:
 - msal-js
 - msal-angular
 - microsoft-identity-web
-platform: javascript
-endpoint: AAD v2.0
 urlFragment: ms-identity-javascript-angular-tutorial
-name: Angular single-page application calling a protected ASP.NET Core web API and using Security Groups to implement Role-Based Access Control
-description: An Angular single-page application calling a protected AspNet web API and using Security Groups to implement Role-Based Access Control (RBAC)
+extensions:
+- services: ms-identity
+- platform: javascript
+- endpoint: AAD v2.0
+- level: 300
+- client: Angular SPA
+- service: .NET Core web API
 ---
 
 # Angular single-page application calling a protected ASP.NET Core web API and using Security Groups to implement Role-Based Access Control