
Azure MgGraph PowerShell Upload Identity Experience Framework Policy


I'm working on automating the creation of an Azure AD B2C tenant in Terraform. I can get many parts of it set up in Terraform, but some parts I realize I can't, specifically Identity Experience Framework Custom Policies. I decided I would use PowerShell to upload these XML documents. I see that AzureAD is being deprecated this year, so I shouldn't use that PowerShell module. Microsoft says that we should be using MgGraph now instead of AzureAD, and references the conversion documentation to go from AzureAD to MgGraph. The problem is that the exact functionality I need does not seem to be in MgGraph, specifically the functions referenced in this SO answer, Get-AzureADMSTrustFrameworkPolicy and Set-AzureADMSTrustFrameworkPolicy, which is now obsolete (referencing the most recent answer).

QUESTION: So how do people automate the addition/removal of Custom Policies in Identity Experience Framework in a way that isn't going to be deprecated this year?

I really want to avoid needing to manually create these policies and the associated secrets. It seems like it should be straightforward to just upload a document and create a key, so hoping I'm just missing something obvious.


Solution

  • Cmdlet mapping, AzModule to MgGraph: https://learn.microsoft.com/en-us/powershell/microsoftgraph/azuread-msoline-cmdlet-map?view=graph-powershell-1.0

    MS Graph REST API documentation: https://learn.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0

    The API calls for your specific need: https://learn.microsoft.com/en-us/graph/api/resources/trustframeworkpolicy?view=graph-rest-beta

    Switch to the beta API:

    Select-MgProfile -Name beta

    Cmdlet to interact with the API:

    Invoke-MgGraphRequest
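
One way to do the upload the answer points to, as an added example that is not part of the original answer: it checks each policy file before sending it and PUTs the XML to the beta `trustFramework/policies/{id}/$value` endpoint by full URL. The tenant domain, folder and file names are placeholders, and the tenant check assumes the tenant is given by its domain name as written in the XML.

```powershell
# Added example, not from the original answer. Tenant, folder and file names are placeholders.
#Requires -Modules Microsoft.Graph.Authentication
$ErrorActionPreference = 'Stop'

$TenantId    = 'yourtenant.onmicrosoft.com'   # placeholder B2C tenant domain
$PolicyDir   = './policies'                   # placeholder folder holding the XML files
# A policy's base policy must already exist, so upload base -> extensions -> relying party.
$PolicyFiles = 'TrustFrameworkBase.xml', 'TrustFrameworkExtensions.xml', 'SignUpOrSignin.xml'

# Request only the scope that manages custom policies.
Connect-MgGraph -TenantId $TenantId -Scopes 'Policy.ReadWrite.TrustFramework'

foreach ($file in $PolicyFiles) {
    $path = Join-Path $PolicyDir $file
    $raw  = Get-Content -Path $path -Raw -Encoding UTF8
    $doc  = [xml]$raw                         # throws on malformed XML before anything is sent

    $root      = $doc.DocumentElement
    $policyId  = $root.GetAttribute('PolicyId')
    $xmlTenant = $root.GetAttribute('TenantId')

    # Pre-flight checks: right document type, custom-policy id, and intended tenant.
    if ($root.LocalName -ne 'TrustFrameworkPolicy') {
        throw "${file}: unexpected root element '$($root.LocalName)'"
    }
    if ($policyId -notlike 'B2C_1A_*') {
        throw "${file}: PolicyId '$policyId' does not start with B2C_1A_"
    }
    if ($xmlTenant -ne $TenantId) {
        throw "${file}: TenantId '$xmlTenant' does not match target '$TenantId'"
    }

    # The backtick keeps the literal "$value" segment; unescaped, PowerShell would
    # expand it as a variable and the request would hit the wrong URL.
    $id  = [uri]::EscapeDataString($policyId)
    $uri = "https://graph.microsoft.com/beta/trustFramework/policies/$id/`$value"

    # PUT creates the policy if it does not exist and replaces it if it does.
    Invoke-MgGraphRequest -Method PUT -Uri $uri -ContentType 'application/xml' -Body $raw | Out-Null
    Write-Host "Uploaded $policyId from $file"
}

Disconnect-MgGraph | Out-Null
```

For unattended runs, `Connect-MgGraph` also accepts app-only credentials (`-ClientId` with `-CertificateThumbprint`), in which case `Policy.ReadWrite.TrustFramework` is granted to the app registration as an application permission.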