From 0f006337c4beb26662a8a0f4ce63da96078cbd2e Mon Sep 17 00:00:00 2001
From: Adam Driscoll
Date: Tue, 3 Sep 2024 21:08:57 -0500
Subject: [PATCH] Azure Security. (#76)
---
Graph/Azure.Security/.universal/roles.ps1 | 6 ++++++
Graph/Azure.Security/Azure.Security.psd1 | 17 +++++++++++++++++
Graph/Azure.Security/README.md | 12 ++++++++++++
3 files changed, 35 insertions(+)
create mode 100644 Graph/Azure.Security/.universal/roles.ps1
create mode 100644 Graph/Azure.Security/Azure.Security.psd1
create mode 100644 Graph/Azure.Security/README.md
diff --git a/Graph/Azure.Security/.universal/roles.ps1 b/Graph/Azure.Security/.universal/roles.ps1
new file mode 100644
index 0000000..e78b585
--- /dev/null
+++ b/Graph/Azure.Security/.universal/roles.ps1
@@ -0,0 +1,6 @@
+if ($PSUAzureSecurityTenantId) {
+ Connect-MgGraph -TenantId $PSUAzureSecurityTenantId -ClientSecretCredential $Secret:PSUAzureSecurityCredential -NoWelcome
+ Get-MgGroup | ForEach-Object {
+ New-PSURole -Name $_.DisplayName -ClaimType 'groups' -ClaimValue $_.Id -Description $_.Description
+ }
+}
\ No newline at end of file
diff --git a/Graph/Azure.Security/Azure.Security.psd1 b/Graph/Azure.Security/Azure.Security.psd1
new file mode 100644
index 0000000..0387473
--- /dev/null
+++ b/Graph/Azure.Security/Azure.Security.psd1
@@ -0,0 +1,17 @@
+@{
+ ModuleVersion = '1.0.0'
+ GUID = '8c0637ef-efa0-4ccb-a9b6-f81b94b6b807'
+ Author = 'Ironman Software'
+ CompanyName = 'Ironman Software'
+ Copyright = '(c) Ironman Software. All rights reserved.'
+ Description = 'Azure Security integration for PowerShell Universal.'
+ PrivateData = @{
+ PSData = @{
+ Tags = @('app', 'weather')
+ LicenseUri = 'https://github.com/ironmansoftware/scripts/blob/main/LICENSE'
+ ProjectUri = 'https://github.com/ironmansoftware/scripts/tree/main/Graph/Azure.Security'
+ IconUri = 'https://raw.githubusercontent.com/ironmansoftware/scripts/main/images/script.png'
+ }
+ }
+}
+
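Review bot: Every group in the tenant becomes a role named after its `DisplayName` in roles.ps1, and nothing in this hunk limits which groups qualify or checks the name against roles that already exist. Display names are not unique in Entra ID and can often be chosen by whoever creates or owns a group, so a group whose name matches a built-in role (for example `Administrator`) may end up defining that role's claim mapping; how `New-PSURole` resolves such a clash is not visible here and should be confirmed. Restricting the import to a configured set, for instance `Get-MgGroup -All -Filter "securityEnabled eq true"` followed by a name-prefix or allow-list check, and skipping reserved role names would close this. `-All` is needed in any case, because `Get-MgGroup` without it returns only the first page of results and larger tenants would silently lose roles.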
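Review bot: `Tags = @('app', 'weather')` in the PSData block of Azure.Security.psd1 looks carried over from another module and does not describe this one; something like `Tags = @('azure', 'entra', 'security')` would match the description. The manifest also declares no `RequiredModules`, although the README lists `Microsoft.Graph` as a requirement and roles.ps1 calls `Connect-MgGraph` and `Get-MgGroup`. Adding `RequiredModules = @('Microsoft.Graph.Authentication', 'Microsoft.Graph.Groups')` would surface a missing dependency when the module is loaded rather than when roles are evaluated, where a failure presumably leaves the role list empty.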
diff --git a/Graph/Azure.Security/README.md b/Graph/Azure.Security/README.md
new file mode 100644
index 0000000..7a739a5
--- /dev/null
+++ b/Graph/Azure.Security/README.md
@@ -0,0 +1,12 @@
+# Azure Security
+
+Creates PowerShell Universal roles based on Entra ID groups in Azure. In conjunction with OpenID Connect, the roles will automatically be assigned to users based on their group membership. You can then assign resources to these roles in PowerShell Universal.
+
+## Requirements
+
+- `Microsoft.Graph` module
+
+## Configuration
+
+- `$PSUAzureSecurityTenantId` - The Azure AD tenant ID. Required.
+- `$Secret:PSUAzureSecurityCredential` - The Azure AD application client ID (user name) and client secret (password). Required.
\ No newline at end of file