CloudServicesScriptContext

The CloudServicesScriptContext class is used to work with cloud services. To access an instance of this class, use the CloudServices property of the predefined PowerShell variable called $Context in your script.

Inheritance: Object

Methods

  • Method

  • Description

  • GetAzureAuthAccessToken()

  • Returns an authentication token for the Microsoft 365 tenant associated with the object. The token can be used for Microsoft Graph API only.

  • GetAzureAuthAccessToken(string)

  • Returns an authentication token to be used to authenticate to the specified resource in the Microsoft 365 tenant associated with the object.

  • ConnectExchangeOnline()

  • Creates a PowerShell connection to the Exchange Online organization the object is associated with.

Properties

  • Property

  • Description

  • AzureTenant

  • Gets information about the object's Microsoft Entra tenant.

Details

GetAzureAuthAccessToken()

Returns an authentication token for the Microsoft 365 tenant associated with the object. The token can be used for Microsoft Graph API only.

string GetAzureAuthAccessToken()

Examples

The following code sample gets the date when the user last logged on to Microsoft Entra ID.

# Get access token for Microsoft Graph API
$token = $Context.CloudServices.GetAzureAuthAccessToken()

# Get the last logon date
$url = 'https://graph.microsoft.com/beta/users/' + $user.AzureId + '?$select=signInActivity'
$response = Invoke-RestMethod -Method GET `
    -uri $url `
    -Headers @{Authorization="Bearer $token"}

$lastLogonDate = $response.signInActivity.lastSignInDateTime

GetAzureAuthAccessToken(string)

Returns an authentication token to be used to authenticate to the specified resource in the Microsoft 365 tenant associated with the object.

string GetAzureAuthAccessToken(string resourceId)

Parameters

The resourceId parameter specifies the identifier of the resource for which to retrieve an authentication token.

Examples

The following code sample uses Microsoft Graph API to add the user to Microsoft Entra groups containing the word Sales in their names.

# Get access token for Microsoft Graph
$token = $Context.CloudServices.GetAzureAuthAccessToken("https://graph.microsoft.com")

# Add the user to the groups
Connect-MgGraph -AccessToken $token
$groups = Get-MgGroup -ConsistencyLevel eventual -Search "DisplayName:Sales"

foreach ($group in $groups)
{
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $Context.TargetObject.AzureId
}

ConnectExchangeOnline()

Creates a PowerShell connection to the Exchange Online organization the object is associated with.

void ConnectExchangeOnline()

Examples

The following code sample converts the user's mailbox into a shared mailbox in Exchange Online.

$Context.CloudServices.ConnectExchangeOnline()

# Change mailbox type
Set-Mailbox $user.AzureId -Type Shared

AzureTenant

Gets information about the object's Microsoft Entra tenant. For an Active Directory object the property gets information about the Microsoft 365 tenant the object is associated with.

Remarks

For Active Directory objects not associated with any Microsoft 365 tenant the property is null.

Examples

The following code sample updates user permissions over a SharePoint Online folder in the specified site.

$url = "https://company.sharepoint.com/sites/MySite"

# Get Entra ID app identifier
$appId = $Context.CloudServices.AzureTenant.AuthApplicationId

# Connecto to SharePoint Online
try
{
    Connect-PnPOnline -Url $url -ClientId $appId -Thumbprint $certificateThumbprint`
        -Tenant "company.onmicrosoft.com"
    
    # Grant user permissions
    Set-PnPFolderPermission -List "Shared Documents" -Identity "Shared Documents/Folder"`
        -User "%userPrincipalName%" -AddRole "Contribute"
}
finally
{
    # Close the connection and release resources
    Disconnect-PnPOnline
}

Requirements

Minimum required version: 2023

See also