Merge pull request #2291 from cboonham/chris-SupportApplicationPermissions

dpaulson45 · web-flow · commit c8e54dde33a3 · 2025-03-06T10:28:40.000-06:00
Add GraphAPI application permissions support
diff --git a/M365/Remove-MailboxExtendedProperty.ps1 b/M365/Remove-MailboxExtendedProperty.ps1
@@ -1,9 +1,9 @@
 ﻿# Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 
-#Requires -Modules @{ ModuleName="ExchangeOnlineManagement"; ModuleVersion="3.4.0" }
-#Requires -Modules @{ ModuleName="Microsoft.Graph.Users"; ModuleVersion="2.24.0" }
-#Requires -Modules @{ ModuleName="Microsoft.Graph.Mail"; ModuleVersion="2.24.0" }
+#Requires -Modules @{ ModuleName="ExchangeOnlineManagement"; ModuleVersion="3.7.0" }
+#Requires -Modules @{ ModuleName="Microsoft.Graph.Users"; ModuleVersion="2.25.0" }
+#Requires -Modules @{ ModuleName="Microsoft.Graph.Mail"; ModuleVersion="2.25.0" }
 
 <#
 .SYNOPSIS
@@ -17,9 +17,17 @@
 
 .EXAMPLE
     $mailboxExtendedProperty = Get-MailboxExtendedProperty -Identity fred@contoso.com | Where-Object { $_.PropertyName -like '*Some Pattern*' }
+
+    Delegated permissions:
+
     $messagesWithExtendedProperty = .\Search-MailboxExtendedProperty.ps1 -MailboxExtendedProperty $mailboxExtendedProperty
     .\Remove-MailboxExtendedProperty.ps1 -MessagesWithExtendedProperty $messagesWithExtendedProperty
 
+    Application permissions:
+
+    $messagesWithExtendedProperty = .\Search-MailboxExtendedProperty.ps1 -MailboxExtendedProperty $mailboxExtendedProperty -UserPrincipalName fred@contoso.com
+    .\Remove-MailboxExtendedProperty.ps1 -MessagesWithExtendedProperty $messagesWithExtendedProperty -UserPrincipalName fred@contoso.com
+
 #>
 [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
 param(
@@ -31,22 +39,33 @@ param(
                 throw "The parameter MailboxExtendedProperty doesn't appear to be the result from running 'Search-MailboxExtendedProperty'."
             }
         })]
-    $MessagesWithExtendedProperty
+    $MessagesWithExtendedProperty,
+    [Parameter(Mandatory = $false, Position = 1)]
+    $UserPrincipalName
 )
 
 process {
-    # Get the current Microsoft Graph context
-    $context = Get-MgContext
-    if ($null -eq $context) {
-        Write-Host -ForegroundColor Red "No valid context. Please connect to Microsoft Graph first."
-        return
-    }
+    if ($PSCmdlet.MyInvocation.BoundParameters.ContainsKey('UserPrincipalName')) {
+        # Get the user information for the supplied user principal name
+        $user = Get-MgUser -UserId $UserPrincipalName -Select 'displayName, id, mail, userPrincipalName'
+        if ($null -eq $user) {
+            Write-Host -ForegroundColor Red "No valid user. Please check the name and retry."
+            return
+        }
+    } else {
+        # Get the current Microsoft Graph context
+        $context = Get-MgContext
+        if ($null -eq $context) {
+            Write-Host -ForegroundColor Red "No valid context. Please connect to Microsoft Graph first."
+            return
+        }
 
-    # Get the user information for the context
-    $user = Get-MgUser -UserId $context.Account -Select 'displayName, id, mail, userPrincipalName'
-    if ($null -eq $user) {
-        Write-Host -ForegroundColor Red "No valid user. Please check the Microsoft Graph connection."
-        return
+        # Get the user information for the context
+        $user = Get-MgUser -UserId $context.Account -Select 'displayName, id, mail, userPrincipalName'
+        if ($null -eq $user) {
+            Write-Host -ForegroundColor Red "No valid user. Please check the Microsoft Graph connection."
+            return
+        }
     }
 
     Write-Host "Attempting to remove $($MessagesWithExtendedProperty.Count) extended properties from the mailbox of $($user.UserPrincipalName)."
diff --git a/M365/Search-MailboxExtendedProperty.ps1 b/M365/Search-MailboxExtendedProperty.ps1
@@ -1,9 +1,9 @@
 ﻿# Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 
-#Requires -Modules @{ ModuleName="ExchangeOnlineManagement"; ModuleVersion="3.4.0" }
-#Requires -Modules @{ ModuleName="Microsoft.Graph.Users"; ModuleVersion="2.24.0" }
-#Requires -Modules @{ ModuleName="Microsoft.Graph.Mail"; ModuleVersion="2.24.0" }
+#Requires -Modules @{ ModuleName="ExchangeOnlineManagement"; ModuleVersion="3.7.0" }
+#Requires -Modules @{ ModuleName="Microsoft.Graph.Users"; ModuleVersion="2.25.0" }
+#Requires -Modules @{ ModuleName="Microsoft.Graph.Mail"; ModuleVersion="2.25.0" }
 
 <#
 .SYNOPSIS
@@ -20,7 +20,14 @@
 
 .EXAMPLE
     $mailboxExtendedProperty = Get-MailboxExtendedProperty -Identity fred@contoso.com | Where-Object { $_.PropertyName -like '*Some Pattern*' }
+
+    Delegated permissions:
+
     $messagesWithExtendedProperty = .\Search-MailboxExtendedProperty.ps1 -MailboxExtendedProperty $mailboxExtendedProperty
+
+    Application permissions:
+
+    $messagesWithExtendedProperty = .\Search-MailboxExtendedProperty.ps1 -MailboxExtendedProperty $mailboxExtendedProperty -UserPrincipalName fred@contoso.com
 #>
 param(
     [Parameter(Mandatory = $true, Position = 0)]
@@ -31,7 +38,9 @@ param(
                 throw "The parameter MailboxExtendedProperty doesn't appear to be the result from running 'Get-MailboxExtendedProperty'."
             }
         })]
-    $MailboxExtendedProperty
+    $MailboxExtendedProperty,
+    [Parameter(Mandatory = $false, Position = 1)]
+    $UserPrincipalName
 )
 
 process {
@@ -69,18 +78,27 @@ process {
     # Messages found with the extended property
     $message = @()
 
-    # Get the current Microsoft Graph context
-    $context = Get-MgContext
-    if ($null -eq $context) {
-        Write-Host -ForegroundColor Red "No valid context. Please connect to Microsoft Graph first."
-        return
-    }
+    if ($PSCmdlet.MyInvocation.BoundParameters.ContainsKey('UserPrincipalName')) {
+        # Get the user information for the supplied user principal name
+        $user = Get-MgUser -UserId $UserPrincipalName -Select 'displayName, id, mail, userPrincipalName'
+        if ($null -eq $user) {
+            Write-Host -ForegroundColor Red "No valid user. Please check the name and retry."
+            return
+        }
+    } else {
+        # Get the current Microsoft Graph context
+        $context = Get-MgContext
+        if ($null -eq $context) {
+            Write-Host -ForegroundColor Red "No valid context. Please connect to Microsoft Graph first."
+            return
+        }
 
-    # Get the user information for the context
-    $user = Get-MgUser -UserId $context.Account -Select 'displayName, id, mail, userPrincipalName'
-    if ($null -eq $user) {
-        Write-Host -ForegroundColor Red "No valid user. Please check the Microsoft Graph connection."
-        return
+        # Get the user information for the context
+        $user = Get-MgUser -UserId $context.Account -Select 'displayName, id, mail, userPrincipalName'
+        if ($null -eq $user) {
+            Write-Host -ForegroundColor Red "No valid user. Please check the Microsoft Graph connection."
+            return
+        }
     }
 
     Write-Host "Searching for mailbox items with the specified $($MailboxExtendedProperty.Count) extended properties in the mailbox of $($user.UserPrincipalName)."
diff --git a/M365/Test-MailboxExtendedProperty.ps1 b/M365/Test-MailboxExtendedProperty.ps1
@@ -1,7 +1,7 @@
 ﻿# Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 
-#Requires -Modules @{ ModuleName="ExchangeOnlineManagement"; ModuleVersion="3.4.0" }
+#Requires -Modules @{ ModuleName="ExchangeOnlineManagement"; ModuleVersion="3.7.0" }
 
 <#
 .SYNOPSIS
@@ -14,7 +14,7 @@
     The identity of the user whose mailbox extended properties are to be retrieved.
 
 .PARAMETER Threshold
-    The quota threshold to check for having exceeded. Default is 0.9, which is 90% of the allowed quota.
+    The quota threshold to check for having exceeded. Default is 1.0, which is 100% of the allowed quota.
 
 .PARAMETER SelectFirst
     The number of sorted descending results to select, when checking any namespace or same name prefix quota. Default is 10.
@@ -30,7 +30,7 @@ param(
     $Identity,
     [Parameter(Mandatory = $false, Position = 1)]
     [ValidateRange(0.0, 1.0)]
-    [double]$Threshold = 0.9,
+    [double]$Threshold = 1.0,
     [Parameter(Mandatory = $false, Position = 2)]
     $SelectFirst = 10
 )
diff --git a/docs/M365/Remove-MailboxExtendedProperty.md b/docs/M365/Remove-MailboxExtendedProperty.md
@@ -16,13 +16,22 @@ Lastly, repeat the search to check the named properties no longer appear in the
 
 ### Syntax:
 
-Example to search the mailbox for messages with any named properties matching the specific pattern and remove them from the messages.
+Example to search the mailbox for messages with any named properties matching the specific pattern and remove them from the messages, using delegated access.
 ```PowerShell
     $mailboxExtendedProperty = Get-MailboxExtendedProperty -Identity fred@contoso.com | Where-Object { $_.PropertyName -like '*Some Pattern*' }
+
     $messagesWithExtendedProperty = .\Search-MailboxExtendedProperty.ps1 -MailboxExtendedProperty $mailboxExtendedProperty
     .\Remove-MailboxExtendedProperty.ps1 -MessagesWithExtendedProperty $messagesWithExtendedProperty
 ```
 
+Example to search the mailbox for messages with any named properties matching the specific pattern and remove them from the messages, using application access.
+```PowerShell
+    $mailboxExtendedProperty = Get-MailboxExtendedProperty -Identity fred@contoso.com | Where-Object { $_.PropertyName -like '*Some Pattern*' }
+
+    $messagesWithExtendedProperty = .\Search-MailboxExtendedProperty.ps1 -MailboxExtendedProperty $mailboxExtendedProperty -UserPrincipalName fred@contoso.com
+    .\Remove-MailboxExtendedProperty.ps1 -MessagesWithExtendedProperty $messagesWithExtendedProperty -UserPrincipalName fred@contoso.com
+```
+
 ## Prerequisites
 
 This script uses the [ExchangeOnlineManagement PowerShell module](Search-MailboxExtendedProperty.md#install-exchangeonlinemanagement-powershell-module) and an Exchange Online connection to be successfully established by a Tenant Admin.
@@ -48,3 +57,13 @@ To connect to Graph, using delegated access, and you don't know the credentials
 ```PowerShell
     Connect-MgGraph -TenantId 2bbb42ba-e564-4f7b-9765-e19bc80c6123 -ClientId 8af900d8-db73-4918-81ef-3d35a873b6b2 -Scopes "User.Read Mail.ReadWrite" -UseDeviceCode
 ```
+
+To connect to Graph, using application access and a shared secret, to search by a tenant administrator against another mailbox in the tenant.
+
+```PowerShell
+    $clientId = "8af900d8-db73-4918-81ef-3d35a873b6b2"
+    $clientSecret = "<your secret>"
+    $secureClientSecret = ConvertTo-SecureString -String $clientSecret -AsPlainText -Force
+    $clientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $clientId, $secureClientSecret
+    Connect-MgGraph -ClientSecretCredential $clientSecretCredential -TenantId 2bbb42ba-e564-4f7b-9765-e19bc80c6123
+```
diff --git a/docs/M365/Search-MailboxExtendedProperty.md b/docs/M365/Search-MailboxExtendedProperty.md
@@ -26,12 +26,20 @@ There are some limitations: the search is limited to messages (extended properti
 
 ### Syntax:
 
-Example to search the mailbox for messages with any named properties matching the specific pattern.
+Example to search the mailbox for messages with any named properties matching the specific pattern, using delegated access.
 ```PowerShell
     $mailboxExtendedProperty = Get-MailboxExtendedProperty -Identity fred@contoso.com | Where-Object { $_.PropertyName -like '*Some Pattern*' }
+
     $messagesWithExtendedProperty = .\Search-MailboxExtendedProperty.ps1 -MailboxExtendedProperty $mailboxExtendedProperty
 ```
 
+Example to search the mailbox for messages with any named properties matching the specific pattern, using application access.
+```PowerShell
+    $mailboxExtendedProperty = Get-MailboxExtendedProperty -Identity fred@contoso.com | Where-Object { $_.PropertyName -like '*Some Pattern*' }
+
+    $messagesWithExtendedProperty = .\Search-MailboxExtendedProperty.ps1 -MailboxExtendedProperty $mailboxExtendedProperty -UserPrincipalName fred@contoso.com
+```
+
 ## Prerequisites
 
 This script uses the [ExchangeOnlineManagement PowerShell module](#install-exchangeonlinemanagement-powershell-module) and an Exchange Online connection to be successfully established by a Tenant Admin.
@@ -58,17 +66,27 @@ To connect to Graph, using delegated access, and you don't know the credentials
     Connect-MgGraph -TenantId 2bbb42ba-e564-4f7b-9765-e19bc80c6123 -ClientId 8af900d8-db73-4918-81ef-3d35a873b6b2 -Scopes "User.Read Mail.ReadWrite" -UseDeviceCode
 ```
 
+To connect to Graph, using application access and a shared secret, to search by a tenant administrator against another mailbox in the tenant.
+
+```PowerShell
+    $clientId = "8af900d8-db73-4918-81ef-3d35a873b6b2"
+    $clientSecret = "<your secret>"
+    $secureClientSecret = ConvertTo-SecureString -String $clientSecret -AsPlainText -Force
+    $clientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $clientId, $secureClientSecret
+    Connect-MgGraph -ClientSecretCredential $clientSecretCredential -TenantId 2bbb42ba-e564-4f7b-9765-e19bc80c6123
+```
+
 ### Install ExchangeOnlineManagement PowerShell module
 
 ``` PowerShell
-    Install-Module ExchangeOnlineManagement -RequiredVersion 3.4.0
+    Install-Module ExchangeOnlineManagement -RequiredVersion 3.7.0
 ```
 
 ### Install Microsoft Graph PowerShell modules
 
 ``` PowerShell
-    Install-Module Microsoft.Graph.Users -RequiredVersion 2.24.0
-    Install-Module Microsoft.Graph.Mail -RequiredVersion 2.24.0
+    Install-Module Microsoft.Graph.Users -RequiredVersion 2.25.0
+    Install-Module Microsoft.Graph.Mail -RequiredVersion 2.25.0
 ```
 
 ### Azure App registration
