CriticalSolutionsNetwork · DrIOSX · Mar 14, 2025 · Mar 11, 2025 · Mar 12, 2025 · Mar 12, 2025
diff --git a/.gitignore b/.gitignore
@@ -4,7 +4,7 @@ output/
 *.local.*
 !**/README.md
 .kitchen/
-
+/scripts/
 *.nupkg
 *.suo
 *.user
@@ -16,3 +16,5 @@ markdownissues.txt
 node_modules
 package-lock.json
 ZZBuild-Help.ps1
+test1.ps1
+helpdoc.ps1
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- Added cert options to the GraphAppToolkit send email.
+- Updated auth methods to invoke needed permissions only.
+- Added private functions to handle existing certs and secrets.
+- Added support for -WhatIf and -Confirm parameters to cmdlets.
+- Renamed private function "New-TkAppName" to "Initialize-TkAppName".
+- Renamed private function "New-TkRequiredResourcePermissionObject" to "Initialize-TkRequiredResourcePermissionObject".
+- Updated documentation across the module (README.md, help XML files, and about_GraphAppToolkit.help.txt).
+- Enhanced logging in private functions for improved auditability.
+- Switch parameter for removing domain suffix from the app name.
+- Certificate subject to param splat export.
+- Permissions to comment based help.
+- Initial test cases structure for Pester with rudimentary tests.
+
+### Fixed
+
+- Fixed formatting.
+- Manual app call for sending email.
+- Confirm to high for connect function.
+- Corrected parameter block formatting and alignment issues in multiple cmdlets.
+- Fixed Connect function ShouldProcess output.
+
+## [0.1.2] - 2025-03-11
+
+### Added
+
 - Added class definitions for GraphAppToolkit
 
 ## [0.1.1] - 2025-03-10
@@ -27,4 +52,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
-- Initial release of GraphAppToolkit
+- Initial release of GraphAppToolkit
diff --git a/README.md b/README.md
diff --git a/README2.md b/README2.md
diff --git a/docs/index.html b/docs/index.html
diff --git a/help/GraphAppToolkit.md b/help/GraphAppToolkit.md
@@ -1,4 +1,4 @@
----
+---
 Module Name: GraphAppToolkit
 Module Guid: b5426317-5612-4483-b664-beafc448bc2f
 Download Help Link: {{ Update Download Link }}
@@ -8,22 +8,22 @@ Locale: en-US
 
 # GraphAppToolkit Module
 ## Description
-{{ Fill in the Description }}
+The GraphAppToolkit module provides a collection of PowerShell functions to automate the management of Azure AD (Entra ID) application registrations. It streamlines the deployment of Microsoft Graph-powered applications, focusing on app-only authentication using certificates, secure credential storage, and operational automation. This module is designed to: - Enable certificate-based authentication for Microsoft Graph applications. - Simplify email sending from service principals. - Automate Intune (MEM) policy management . - Deploy M365 audit apps with read-write permissions. - Securely manage mail-enabled security groups for restricted send scenarios. GraphAppToolkit is ideal for IT admins, security engineers, and DevOps teams managing Microsoft 365 and Entra ID workloads.
 
 ## GraphAppToolkit Cmdlets
-### [New-MailEnabledSendingGroup](New-MailEnabledSendingGroup.md)
+### [New-MailEnabledSendingGroup](New-MailEnabledSendingGroup)
 Creates or retrieves a mail-enabled security group with a custom or default domain.
 
-### [Publish-TkEmailApp](Publish-TkEmailApp.md)
+### [Publish-TkEmailApp](Publish-TkEmailApp)
 Deploys a new Microsoft Graph Email app and associates it with a certificate for app-only authentication.
 
-### [Publish-TkM365AuditApp](Publish-TkM365AuditApp.md)
+### [Publish-TkM365AuditApp](Publish-TkM365AuditApp)
 Publishes (creates) a new M365 Audit App registration in Entra ID (Azure AD) with a specified certificate.
 
-### [Publish-TkMemPolicyManagerApp](Publish-TkMemPolicyManagerApp.md)
+### [Publish-TkMemPolicyManagerApp](Publish-TkMemPolicyManagerApp)
 Publishes a new MEM (Intune) Policy Manager App in Azure AD with read-only or read-write permissions.
 
-### [Send-TkEmailAppMessage](Send-TkEmailAppMessage.md)
+### [Send-TkEmailAppMessage](Send-TkEmailAppMessage)
 Sends an email using the Microsoft Graph API, either by retrieving app credentials from a local vault
 or by specifying them manually.
 
diff --git a/help/New-MailEnabledSendingGroup.md b/help/New-MailEnabledSendingGroup.md
@@ -15,13 +15,13 @@ Creates or retrieves a mail-enabled security group with a custom or default doma
 ### CustomDomain (Default)
 ```
 New-MailEnabledSendingGroup -Name <String> [-Alias <String>] -PrimarySmtpAddress <String>
- [-ProgressAction <ActionPreference>] [<CommonParameters>]
+ [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### DefaultDomain
 ```
 New-MailEnabledSendingGroup -Name <String> [-Alias <String>] -DefaultDomain <String>
- [-ProgressAction <ActionPreference>] [<CommonParameters>]
+ [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -109,6 +109,36 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -WhatIf
+Shows what would happen if the cmdlet runs. The cmdlet is not run.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 

diff --git a/help/Publish-TkEmailApp.md b/help/Publish-TkEmailApp.md
@@ -12,11 +12,19 @@ Deploys a new Microsoft Graph Email app and associates it with a certificate for
 
 ## SYNTAX
 
+### CreateNewApp (Default)
 ```
-Publish-TkEmailApp [-AppPrefix] <String> [-AuthorizedSenderUserName] <String>
- [-MailEnabledSendingGroup] <String> [[-CertThumbprint] <String>] [[-KeyExportPolicy] <String>]
- [[-VaultName] <String>] [-OverwriteVaultSecret] [-ReturnParamSplat] [-ProgressAction <ActionPreference>]
- [-WhatIf] [-Confirm] [<CommonParameters>]
+Publish-TkEmailApp [-AppPrefix <String>] -AuthorizedSenderUserName <String> -MailEnabledSendingGroup <String>
+ [-CertPrefix <String>] [-CertThumbprint <String>] [-KeyExportPolicy <String>] [-VaultName <String>]
+ [-OverwriteVaultSecret] [-ReturnParamSplat] [-DoNotUseDomainSuffix] [-ProgressAction <ActionPreference>]
+ [<CommonParameters>]
+```
+
+### UseExistingApp
+```
+Publish-TkEmailApp -ExistingAppObjectId <String> -CertPrefix <String> [-CertThumbprint <String>]
+ [-KeyExportPolicy <String>] [-VaultName <String>] [-OverwriteVaultSecret] [-ReturnParamSplat]
+ [-DoNotUseDomainSuffix] [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -44,11 +52,11 @@ grouping purposes (2-4 alphanumeric characters).
 
 ```yaml
 Type: String
-Parameter Sets: (All)
+Parameter Sets: CreateNewApp
 Aliases:
 
-Required: True
-Position: 1
+Required: False
+Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
@@ -59,11 +67,11 @@ The username of the authorized sender.
 
 ```yaml
 Type: String
-Parameter Sets: (All)
+Parameter Sets: CreateNewApp
 Aliases:
 
 Required: True
-Position: 2
+Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
@@ -76,11 +84,53 @@ app policy restrictions.
 
 ```yaml
 Type: String
-Parameter Sets: (All)
+Parameter Sets: CreateNewApp
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ExistingAppObjectId
+The AppId of the existing App Registration to which you want to attach a certificate. Must be a valid GUID.
+
+```yaml
+Type: String
+Parameter Sets: UseExistingApp
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -CertPrefix
+Prefix to add to the certificate subject for the existing app.
+
+```yaml
+Type: String
+Parameter Sets: CreateNewApp
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+```yaml
+Type: String
+Parameter Sets: UseExistingApp
 Aliases:
 
 Required: True
-Position: 3
+Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
@@ -97,7 +147,7 @@ Parameter Sets: (All)
 Aliases:
 
 Required: False
-Position: 4
+Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
@@ -115,7 +165,7 @@ Parameter Sets: (All)
 Aliases:
 
 Required: False
-Position: 5
+Position: Named
 Default value: NonExportable
 Accept pipeline input: False
 Accept wildcard characters: False
@@ -132,7 +182,7 @@ Parameter Sets: (All)
 Aliases:
 
 Required: False
-Position: 6
+Position: Named
 Default value: GraphEmailAppLocalStore
 Accept pipeline input: False
 Accept wildcard characters: False
@@ -170,33 +220,17 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -WhatIf
-Shows what would happen if the cmdlet runs.
-The cmdlet is not run.
-
-```yaml
-Type: SwitchParameter
-Parameter Sets: (All)
-Aliases: wi
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -Confirm
-Prompts you for confirmation before running the cmdlet.
+### -DoNotUseDomainSuffix
+Switch to add session domain suffix to the app name.
 
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
-Aliases: cf
+Aliases:
 
 Required: False
 Position: Named
-Default value: None
+Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
@@ -221,12 +255,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 
 ## INPUTS
 
-### None
 ## OUTPUTS
 
-### By default, returns a PSCustomObject containing details such as AppId, CertThumbprint,
-### TenantID, and CertExpires. If -ReturnParamSplat is specified, returns the parameter
-### splat instead.
 ## NOTES
 This cmdlet requires that the user running the cmdlet have the necessary permissions to
 create the app and connect to Exchange Online.

diff --git a/help/Publish-TkM365AuditApp.md b/help/Publish-TkM365AuditApp.md
@@ -14,8 +14,8 @@ Publishes (creates) a new M365 Audit App registration in Entra ID (Azure AD) wit
 
 ```
 Publish-TkM365AuditApp [[-AppPrefix] <String>] [[-CertThumbprint] <String>] [[-KeyExportPolicy] <String>]
- [[-VaultName] <String>] [-OverwriteVaultSecret] [-ReturnParamSplat] [-ProgressAction <ActionPreference>]
- [-WhatIf] [-Confirm] [<CommonParameters>]
+ [[-VaultName] <String>] [-OverwriteVaultSecret] [-ReturnParamSplat] [-DoNotUseDomainSuffix]
+ [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -137,33 +137,17 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -WhatIf
-Shows what would happen if the cmdlet runs.
-The cmdlet is not run.
+### -DoNotUseDomainSuffix
+If specified, does not append the domain suffix to the app name.
 
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
-Aliases: wi
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -Confirm
-Prompts you for confirmation before running the cmdlet.
-
-```yaml
-Type: SwitchParameter
-Parameter Sets: (All)
-Aliases: cf
+Aliases:
 
 Required: False
 Position: Named
-Default value: None
+Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```