ExternalTeamsAccess.ps1
#External Teams Access
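function ExternalTeamsInvite {
    <#
    .SYNOPSIS
    Invites an account to the tenant (when external) and adds it to a chosen
    team as a Member, then offers to remove it from the team again.

    .DESCRIPTION
    Flow:
      1. Prompt for the team (EnterTeam stores the name in $global:team_name)
         and for the e-mail address to grant access to.
      2. Resolve the team to a single GroupId before any change is made.
      3. Send a guest invitation. A failure here is tolerated because it is
         expected when the address belongs to an internal account.
      4. Retry Add-TeamUser once a minute until it succeeds or the
         operator-supplied wait limit is reached.
      5. Offer to undo the team membership.

    The undo step only reverts the team membership. A guest object created
    by the invitation stays in the directory and must be reviewed and removed
    separately.

    Review note: guest invitations are typically recorded in the Entra ID
    audit log as "Invite external user", and Teams membership changes as
    "MemberAdded" in the unified audit log; both are useful when validating
    that this activity is detected.

    .NOTES
    New-AzureADMSInvitation belongs to the deprecated AzureAD module.
    #>
    mitre_details("ExternalTeamsAccess")
    EnterTeam("`n[?] Enter Display Name of team to generate invitation for")
    $target_team = $global:team_name

    $external_email_address = Read-Host -Prompt "`n[?] Enter (ext/int) email to grant access to Teams"
    Write-Host ""
    if ([string]::IsNullOrWhiteSpace($external_email_address)) {
        # Without an address every later call fails and the retry loop would
        # only burn the whole wait limit.
        MAADWriteError "No email address provided"
        MAADPause
        return
    }

    # Resolve the team first so that no guest is invited when the target team
    # cannot be identified. Display names are not unique, so Get-Team may
    # return several teams; narrow to an exact name match in that case.
    $team_matches = @(Get-Team -DisplayName $target_team)
    if ($team_matches.Count -gt 1) {
        $team_matches = @($team_matches | Where-Object { $_.DisplayName -eq $target_team })
    }
    if ($team_matches.Count -ne 1) {
        MAADWriteError "Could not resolve a single team named '$target_team'"
        MAADPause
        return
    }
    $group_id = $team_matches[0].GroupId

    # Attempt inviting the account. This fails when the account is internal;
    # that is expected and the rest of the module continues either way.
    $invite_sent = $false
    try {
        New-AzureADMSInvitation -InvitedUserDisplayName "$external_email_address" -InvitedUserEmailAddress $external_email_address -InviteRedirectURL https://myapps.microsoft.com -SendInvitationMessage $true -ErrorAction Stop | Out-Null
        $invite_sent = $true
    }
    catch {
        # Deliberately non-fatal, but no longer silent: the operator should
        # know whether a guest invitation actually went out.
        MAADWriteInfo "Invitation not sent (expected for internal accounts)"
    }

    MAADWriteInfo "This configuration can sometimes take long to take effect"
    # Parse the wait limit defensively: non-numeric or negative input falls
    # back to 0, which still performs one attempt.
    [int]$time_limit_min = 0
    $raw_limit = Read-Host -Prompt "`n[?] Set wait limit (minutes)"
    Write-Host ""
    if (-not ([int]::TryParse($raw_limit, [ref]$time_limit_min)) -or $time_limit_min -lt 0) {
        MAADWriteInfo "Invalid wait limit - a single attempt will be made"
        $time_limit_min = 0
    }
    [int]$time_limit_sec = $time_limit_min * 60

    MAADWriteInfo "Long day - Grab some \_/)"
    MAADWriteProcess "Config: Invited_Acc($external_email_address) -> Team($target_team)"
    MAADWriteProcess "Confirming change completion"

    # Retry the add while the new account replicates.
    $allow_undo = $false
    [int]$timer = 0
    while ($timer -le $time_limit_sec) {
        try {
            Add-TeamUser -GroupId $group_id -Role Member -User $external_email_address -ErrorAction Stop
            MAADWriteSuccess "External Entity Added to Teams"
            $allow_undo = $true
            break
        }
        catch {
            # Stop here when the next attempt would fall past the limit, so
            # the last failure is not followed by a pointless 60 s sleep and
            # a negative "minutes left" message.
            if (($timer + 60) -gt $time_limit_sec) {
                break
            }
            Start-Sleep -Seconds 60
            $timer = $timer + 60
            MAADWriteProcess "Waiting for account to replicate -> Wait status : $(($time_limit_sec - $timer)/60) minutes left"
        }
    }

    if (-not $allow_undo) {
        MAADWriteError "Failed to add user to team within the wait limit"
    }
    else {
        $user_choice = Read-Host -Prompt "`n[?] Undo: Remove added user from team (y/n)"
        Write-Host ""
        # Anything other than an explicit "no" triggers the undo.
        if ($user_choice -notin "No","no","N","n") {
            MAADWriteProcess "Removing new user from team -> $target_team"
            try {
                Remove-TeamUser -GroupId $group_id -User $external_email_address -ErrorAction Stop
                MAADWriteSuccess "Removed new user from team"
            }
            catch {
                MAADWriteError "Failed to remove new user from team"
            }
        }
    }

    if ($invite_sent) {
        # The undo above never touches the directory object.
        MAADWriteInfo "Invited guest account remains in the directory - review and remove it separately"
    }
    MAADPause
}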