@pnp/cli-microsoft365 10.0.0-beta.66db729 → 10.0.0-beta.7be7794

package/dist/m365/commands/login.js

@@ -21,7 +21,8 @@ const options = globalOptionsZod
     appId: z.string().optional(),
     tenant: z.string().optional(),
     secret: zod.alias('s', z.string().optional()),
-    connectionName: z.string().optional()
+    connectionName: z.string().optional(),
+    ensure: z.boolean().optional()
 })
     .strict();
 class LoginCommand extends Command {
@@ -67,75 +68,16 @@ class LoginCommand extends Command {
         });
     }
     async commandAction(logger, args) {
-        // disconnect before re-connecting
         if (this.debug) {
             await logger.logToStderr(`Logging out from Microsoft 365...`);
         }
-        const deactivate = () => auth.connection.deactivate();
-        const getCertificate = (options) => {
-            // command args take precedence over settings
-            if (options.certificateFile) {
-                return fs.readFileSync(options.certificateFile).toString('base64');
-            }
-            if (options.certificateBase64Encoded) {
-                return options.certificateBase64Encoded;
-            }
-            return cli.getConfig().get(settingsNames.clientCertificateFile) ||
-                cli.getConfig().get(settingsNames.clientCertificateBase64Encoded);
-        };
-        const login = async () => {
-            if (this.verbose) {
-                await logger.logToStderr(`Signing in to Microsoft 365...`);
-            }
-            const authType = args.options.authType || cli.getSettingWithDefaultValue(settingsNames.authType, 'deviceCode');
-            auth.connection.appId = args.options.appId || cli.getClientId();
-            auth.connection.tenant = args.options.tenant || cli.getTenant();
-            auth.connection.name = args.options.connectionName;
-            switch (authType) {
-                case 'password':
-                    auth.connection.authType = AuthType.Password;
-                    auth.connection.userName = args.options.userName;
-                    auth.connection.password = args.options.password;
-                    break;
-                case 'certificate':
-                    auth.connection.authType = AuthType.Certificate;
-                    auth.connection.certificate = getCertificate(args.options);
-                    auth.connection.thumbprint = args.options.thumbprint;
-                    auth.connection.password = args.options.password ?? cli.getConfig().get(settingsNames.clientCertificatePassword);
-                    break;
-                case 'identity':
-                    auth.connection.authType = AuthType.Identity;
-                    auth.connection.userName = args.options.userName;
-                    break;
-                case 'browser':
-                    auth.connection.authType = AuthType.Browser;
-                    break;
-                case 'secret':
-                    auth.connection.authType = AuthType.Secret;
-                    auth.connection.secret = args.options.secret || cli.getConfig().get(settingsNames.clientSecret);
-                    break;
-            }
-            auth.connection.cloudType = args.options.cloud;
-            try {
-                await auth.ensureAccessToken(auth.defaultResource, logger, this.debug);
-                auth.connection.active = true;
-            }
-            catch (error) {
-                if (this.debug) {
-                    await logger.logToStderr('Error:');
-                    await logger.logToStderr(error);
-                    await logger.logToStderr('');
-                }
-                throw new CommandError(error.message);
-            }
-            const details = auth.getConnectionDetails(auth.connection);
-            if (this.debug) {
-                details.accessToken = JSON.stringify(auth.connection.accessTokens, null, 2);
-            }
-            await logger.log(details);
-        };
-        deactivate();
-        await login();
+        if (this.shouldLogin(args.options)) {
+            auth.connection.deactivate();
+            await this.login(logger, args);
+        }
+        else {
+            await this.ensureAccessToken(logger);
+        }
     }
     async action(logger, args) {
         try {
@@ -147,6 +89,117 @@ class LoginCommand extends Command {
         await this.initAction(args, logger);
         await this.commandAction(logger, args);
     }
+    shouldLogin(options) {
+        if (!auth.connection.active) {
+            return true;
+        }
+        if (!options.ensure) {
+            return true;
+        }
+        const authType = options.authType || cli.getSettingWithDefaultValue(settingsNames.authType, 'deviceCode');
+        if (authType !== auth.connection.authType) {
+            return true;
+        }
+        if (options.cloud !== auth.connection.cloudType) {
+            return true;
+        }
+        if (options.appId && options.appId !== auth.connection.appId) {
+            return true;
+        }
+        if (options.tenant && options.tenant !== auth.connection.tenant) {
+            return true;
+        }
+        if (authType === AuthType.Password && (options.password && options.userName !== auth.connection.userName)) {
+            return true;
+        }
+        if (authType === AuthType.Certificate && (options.certificateFile && (auth.connection.certificate !== fs.readFileSync(options.certificateFile, 'base64')))) {
+            return true;
+        }
+        if (authType === AuthType.Identity && (options.userName && options.userName !== auth.connection.userName)) {
+            return true;
+        }
+        if (authType === AuthType.Secret && (options.secret && options.secret !== auth.connection.secret)) {
+            return true;
+        }
+        const now = new Date();
+        const accessToken = auth.connection.accessTokens[auth.defaultResource];
+        const expiresOn = accessToken && accessToken.expiresOn ?
+            // if expiresOn is serialized from the service file, it's set as a string
+            // if it's coming from MSAL, it's a Date
+            typeof accessToken.expiresOn === 'string' ? new Date(accessToken.expiresOn) : accessToken.expiresOn
+            : new Date(0);
+        if (expiresOn < now) {
+            return true;
+        }
+        return false;
+    }
+    async ensureAccessToken(logger) {
+        try {
+            await auth.ensureAccessToken(auth.defaultResource, logger, this.debug);
+            auth.connection.active = true;
+        }
+        catch (error) {
+            if (this.debug) {
+                await logger.logToStderr('Error:');
+                await logger.logToStderr(error);
+                await logger.logToStderr('');
+            }
+            throw new CommandError(error.message);
+        }
+    }
+    getCertificate(options) {
+        // command args take precedence over settings
+        if (options.certificateFile) {
+            return fs.readFileSync(options.certificateFile).toString('base64');
+        }
+        if (options.certificateBase64Encoded) {
+            return options.certificateBase64Encoded;
+        }
+        return cli.getConfig().get(settingsNames.clientCertificateFile) ||
+            cli.getConfig().get(settingsNames.clientCertificateBase64Encoded);
+    }
+    ;
+    async login(logger, args) {
+        if (this.verbose) {
+            await logger.logToStderr(`Signing in to Microsoft 365...`);
+        }
+        const authType = args.options.authType || cli.getSettingWithDefaultValue(settingsNames.authType, 'deviceCode');
+        auth.connection.appId = args.options.appId || cli.getClientId();
+        auth.connection.tenant = args.options.tenant || cli.getTenant();
+        auth.connection.name = args.options.connectionName;
+        switch (authType) {
+            case 'password':
+                auth.connection.authType = AuthType.Password;
+                auth.connection.userName = args.options.userName;
+                auth.connection.password = args.options.password;
+                break;
+            case 'certificate':
+                auth.connection.authType = AuthType.Certificate;
+                auth.connection.certificate = this.getCertificate(args.options);
+                auth.connection.thumbprint = args.options.thumbprint;
+                auth.connection.password = args.options.password ?? cli.getConfig().get(settingsNames.clientCertificatePassword);
+                break;
+            case 'identity':
+                auth.connection.authType = AuthType.Identity;
+                auth.connection.userName = args.options.userName;
+                break;
+            case 'browser':
+                auth.connection.authType = AuthType.Browser;
+                break;
+            case 'secret':
+                auth.connection.authType = AuthType.Secret;
+                auth.connection.secret = args.options.secret || cli.getConfig().get(settingsNames.clientSecret);
+                break;
+        }
+        auth.connection.cloudType = args.options.cloud;
+        await this.ensureAccessToken(logger);
+        const details = auth.getConnectionDetails(auth.connection);
+        if (this.debug) {
+            details.accessToken = JSON.stringify(auth.connection.accessTokens, null, 2);
+        }
+        await logger.log(details);
+    }
+    ;
 }
 export default new LoginCommand();
 //# sourceMappingURL=login.js.map

package/dist/m365/entra/commands/m365group/m365group-set.js

@@ -15,6 +15,9 @@ import { entraGroup } from '../../../../utils/entraGroup.js';
 import aadCommands from '../../aadCommands.js';
 import { accessToken } from '../../../../utils/accessToken.js';
 import auth from '../../../../Auth.js';
+import { entraUser } from '../../../../utils/entraUser.js';
+import { formatting } from '../../../../utils/formatting.js';
+import { odata } from '../../../../utils/odata.js';
 class EntraM365GroupSetCommand extends GraphCommand {
     get name() {
         return commands.M365GROUP_SET;
@@ -102,59 +105,13 @@ class EntraM365GroupSetCommand extends GraphCommand {
             else if (this.debug) {
                 await logger.logToStderr('logoPath not set. Skipping');
             }
-            if (args.options.owners) {
-                const owners = args.options.owners.split(',').map(o => o.trim());
-                if (this.verbose) {
-                    await logger.logToStderr('Retrieving user information to set group owners...');
-                }
-                const requestOptions = {
-                    url: `${this.resource}/v1.0/users?$filter=${owners.map(o => `userPrincipalName eq '${o}'`).join(' or ')}&$select=id`,
-                    headers: {
-                        'content-type': 'application/json'
-                    },
-                    responseType: 'json'
-                };
-                const res = await request.get(requestOptions);
-                await Promise.all(res.value.map(u => request.post({
-                    url: `${this.resource}/v1.0/groups/${groupId}/owners/$ref`,
-                    headers: {
-                        'content-type': 'application/json'
-                    },
-                    responseType: 'json',
-                    data: {
-                        "@odata.id": `https://graph.microsoft.com/v1.0/users/${u.id}`
-                    }
-                })));
-            }
-            else if (this.debug) {
-                await logger.logToStderr('Owners not set. Skipping');
-            }
-            if (args.options.members) {
-                const members = args.options.members.split(',').map(o => o.trim());
-                if (this.verbose) {
-                    await logger.logToStderr('Retrieving user information to set group members...');
-                }
-                const requestOptions = {
-                    url: `${this.resource}/v1.0/users?$filter=${members.map(o => `userPrincipalName eq '${o}'`).join(' or ')}&$select=id`,
-                    headers: {
-                        'content-type': 'application/json'
-                    },
-                    responseType: 'json'
-                };
-                const res = await request.get(requestOptions);
-                await Promise.all(res.value.map(u => request.post({
-                    url: `${this.resource}/v1.0/groups/${groupId}/members/$ref`,
-                    headers: {
-                        'content-type': 'application/json'
-                    },
-                    responseType: 'json',
-                    data: {
-                        "@odata.id": `https://graph.microsoft.com/v1.0/users/${u.id}`
-                    }
-                })));
+            const ownerIds = await this.getUserIds(logger, args.options.ownerIds, args.options.ownerUserNames);
+            const memberIds = await this.getUserIds(logger, args.options.memberIds, args.options.memberUserNames);
+            if (ownerIds.length > 0) {
+                await this.updateUsers(logger, groupId, 'owners', ownerIds);
             }
-            else if (this.debug) {
-                await logger.logToStderr('Members not set. Skipping');
+            if (memberIds.length > 0) {
+                await this.updateUsers(logger, groupId, 'members', memberIds);
             }
         }
         catch (err) {
@@ -186,6 +143,87 @@ class EntraM365GroupSetCommand extends GraphCommand {
                 return 'image/jpeg';
         }
     }
+    async getUserIds(logger, userIds, userNames) {
+        if (userIds) {
+            return formatting.splitAndTrim(userIds);
+        }
+        if (userNames) {
+            if (this.verbose) {
+                await logger.logToStderr(`Retrieving user IDs...`);
+            }
+            return entraUser.getUserIdsByUpns(formatting.splitAndTrim(userNames));
+        }
+        return [];
+    }
+    async updateUsers(logger, groupId, role, userIds) {
+        const groupUsers = await odata.getAllItems(`${this.resource}/v1.0/groups/${groupId}/${role}/microsoft.graph.user?$select=id`);
+        const userIdsToAdd = userIds.filter(userId => !groupUsers.some(groupUser => groupUser.id === userId));
+        const userIdsToRemove = groupUsers.filter(groupUser => !userIds.some(userId => groupUser.id === userId)).map(user => user.id);
+        if (this.verbose) {
+            await logger.logToStderr(`Adding ${userIdsToAdd.length} ${role}...`);
+        }
+        for (let i = 0; i < userIdsToAdd.length; i += 400) {
+            const userIdsBatch = userIdsToAdd.slice(i, i + 400);
+            const batchRequestOptions = this.getBatchRequestOptions();
+            // only 20 requests per one batch are allowed
+            for (let j = 0; j < userIdsBatch.length; j += 20) {
+                // only 20 users can be added in one request
+                const userIdsChunk = userIdsBatch.slice(j, j + 20);
+                batchRequestOptions.data.requests.push({
+                    id: j + 1,
+                    method: 'PATCH',
+                    url: `/groups/${groupId}`,
+                    headers: {
+                        'content-type': 'application/json;odata.metadata=none',
+                        accept: 'application/json;odata.metadata=none'
+                    },
+                    body: {
+                        [`${role}@odata.bind`]: userIdsChunk.map(u => `${this.resource}/v1.0/directoryObjects/${u}`)
+                    }
+                });
+            }
+            const res = await request.post(batchRequestOptions);
+            for (const response of res.responses) {
+                if (response.status !== 204) {
+                    throw response.body;
+                }
+            }
+        }
+        if (this.verbose) {
+            await logger.logToStderr(`Removing ${userIdsToRemove.length} ${role}...`);
+        }
+        for (let i = 0; i < userIdsToRemove.length; i += 20) {
+            const userIdsBatch = userIdsToRemove.slice(i, i + 20);
+            const batchRequestOptions = this.getBatchRequestOptions();
+            userIdsBatch.map(userId => {
+                batchRequestOptions.data.requests.push({
+                    id: userId,
+                    method: 'DELETE',
+                    url: `/groups/${groupId}/${role}/${userId}/$ref`
+                });
+            });
+            const res = await request.post(batchRequestOptions);
+            for (const response of res.responses) {
+                if (response.status !== 204) {
+                    throw response.body;
+                }
+            }
+        }
+    }
+    getBatchRequestOptions() {
+        const requestOptions = {
+            url: `${this.resource}/v1.0/$batch`,
+            headers: {
+                'content-type': 'application/json;odata.metadata=none',
+                accept: 'application/json;odata.metadata=none'
+            },
+            responseType: 'json',
+            data: {
+                requests: []
+            }
+        };
+        return requestOptions;
+    }
 }
 _EntraM365GroupSetCommand_instances = new WeakSet(), _EntraM365GroupSetCommand_initTelemetry = function _EntraM365GroupSetCommand_initTelemetry() {
     this.telemetry.push((args) => {
@@ -194,8 +232,10 @@ _EntraM365GroupSetCommand_instances = new WeakSet(), _EntraM365GroupSetCommand_i
             displayName: typeof args.options.displayName !== 'undefined',
             newDisplayName: typeof args.options.newDisplayName !== 'undefined',
             description: typeof args.options.description !== 'undefined',
-            owners: typeof args.options.owners !== 'undefined',
-            members: typeof args.options.members !== 'undefined',
+            ownerIds: typeof args.options.ownerIds !== 'undefined',
+            ownerUserNames: typeof args.options.ownerUserNames !== 'undefined',
+            memberIds: typeof args.options.memberIds !== 'undefined',
+            memberUserNames: typeof args.options.memberUserNames !== 'undefined',
             isPrivate: !!args.options.isPrivate,
             logoPath: typeof args.options.logoPath !== 'undefined',
             allowExternalSenders: !!args.options.allowExternalSenders,
@@ -214,9 +254,13 @@ _EntraM365GroupSetCommand_instances = new WeakSet(), _EntraM365GroupSetCommand_i
     }, {
         option: '-d, --description [description]'
     }, {
-        option: '--owners [owners]'
+        option: '--ownerIds [ownerIds]'
+    }, {
+        option: '--ownerUserNames [ownerUserNames]'
     }, {
-        option: '--members [members]'
+        option: '--memberIds [memberIds]'
+    }, {
+        option: '--memberUserNames [memberUserNames]'
     }, {
         option: '--isPrivate [isPrivate]',
         autocomplete: ['true', 'false']
@@ -237,17 +281,31 @@ _EntraM365GroupSetCommand_instances = new WeakSet(), _EntraM365GroupSetCommand_i
     });
 }, _EntraM365GroupSetCommand_initOptionSets = function _EntraM365GroupSetCommand_initOptionSets() {
     this.optionSets.push({ options: ['id', 'displayName'] });
+    this.optionSets.push({
+        options: ['ownerIds', 'ownerUserNames'],
+        runsWhen: (args) => {
+            return args.options.ownerIds !== undefined || args.options.ownerUserNames !== undefined;
+        }
+    });
+    this.optionSets.push({
+        options: ['memberIds', 'memberUserNames'],
+        runsWhen: (args) => {
+            return args.options.memberIds !== undefined || args.options.memberUserNames !== undefined;
+        }
+    });
 }, _EntraM365GroupSetCommand_initTypes = function _EntraM365GroupSetCommand_initTypes() {
     this.types.boolean.push('isPrivate', 'allowEternalSenders', 'autoSubscribeNewMembers', 'hideFromAddressLists', 'hideFromOutlookClients');
-    this.types.string.push('id', 'displayName', 'newDisplayName', 'description', 'owners', 'members', 'logoPath');
+    this.types.string.push('id', 'displayName', 'newDisplayName', 'description', 'ownerIds', 'ownerUserNames', 'memberIds', 'memberUserNames', 'logoPath');
 }, _EntraM365GroupSetCommand_initValidators = function _EntraM365GroupSetCommand_initValidators() {
     this.validators.push(async (args) => {
         if (!args.options.newDisplayName &&
             args.options.description === undefined &&
-            !args.options.members &&
-            !args.options.owners &&
+            args.options.ownerIds === undefined &&
+            args.options.ownerUserNames === undefined &&
+            args.options.memberIds === undefined &&
+            args.options.memberUserNames === undefined &&
             args.options.isPrivate === undefined &&
-            !args.options.logoPath &&
+            args.options.logoPath === undefined &&
             args.options.allowExternalSenders === undefined &&
             args.options.autoSubscribeNewMembers === undefined &&
             args.options.hideFromAddressLists === undefined &&
@@ -257,16 +315,28 @@ _EntraM365GroupSetCommand_instances = new WeakSet(), _EntraM365GroupSetCommand_i
         if (args.options.id && !validation.isValidGuid(args.options.id)) {
             return `${args.options.id} is not a valid GUID`;
         }
-        if (args.options.owners) {
-            const isValidArray = validation.isValidUserPrincipalNameArray(args.options.owners);
-            if (isValidArray !== true) {
-                return `Option 'owners' contains one or more invalid UPNs: ${isValidArray}.`;
+        if (args.options.ownerIds) {
+            const isValidGUIDArrayResult = validation.isValidGuidArray(args.options.ownerIds);
+            if (isValidGUIDArrayResult !== true) {
+                return `The following GUIDs are invalid for the option 'ownerIds': ${isValidGUIDArrayResult}.`;
+            }
+        }
+        if (args.options.ownerUserNames) {
+            const isValidUPNArrayResult = validation.isValidUserPrincipalNameArray(args.options.ownerUserNames);
+            if (isValidUPNArrayResult !== true) {
+                return `The following user principal names are invalid for the option 'ownerUserNames': ${isValidUPNArrayResult}.`;
+            }
+        }
+        if (args.options.memberIds) {
+            const isValidGUIDArrayResult = validation.isValidGuidArray(args.options.memberIds);
+            if (isValidGUIDArrayResult !== true) {
+                return `The following GUIDs are invalid for the option 'memberIds': ${isValidGUIDArrayResult}.`;
             }
         }
-        if (args.options.members) {
-            const isValidArray = validation.isValidUserPrincipalNameArray(args.options.members);
-            if (isValidArray !== true) {
-                return `Option 'members' contains one or more invalid UPNs: ${isValidArray}.`;
+        if (args.options.memberUserNames) {
+            const isValidUPNArrayResult = validation.isValidUserPrincipalNameArray(args.options.memberUserNames);
+            if (isValidUPNArrayResult !== true) {
+                return `The following user principal names are invalid for the option 'memberUserNames': ${isValidUPNArrayResult}.`;
             }
         }
         if (args.options.logoPath) {

package/docs/docs/cmd/entra/m365group/m365group-set.mdx

@@ -20,28 +20,34 @@ m365 aad m365group set [options]
 
 ```md definition-list
 `-i, --id [id]`
-: The ID of the Microsoft 365 Group to update
+: The ID of the Microsoft 365 Group to update.
 
 `-n, --displayName [displayName]`
-: Display name of the Microsoft 365 Group to update
+: Display name of the Microsoft 365 Group to update.
 
 `--newDisplayName [newDisplayName]`
-: New display name for the Microsoft 365 Group
+: New display name for the Microsoft 365 Group.
 
 `-d, --description [description]`
-: Description for the Microsoft 365 Group
+: Description for the Microsoft 365 Group.
 
-`--owners [owners]`
-: Comma-separated list of Microsoft 365 Group owners to add
+`--ownerIds [ownerIds]`
+: Comma-separated list of IDs of Microsoft Entra ID users that will be group owners. Specify either `ownerIds` or `ownerUserNames`, but not both.
 
-`--members [members]`
-: Comma-separated list of Microsoft 365 Group members to add
+`--ownerUserNames [ownerUserNames]`
+: Comma-separated list of UPNs of Microsoft Entra ID users that will be group owners. Specify either `ownerIds` or `ownerUserNames`, but not both.
+
+`--memberIds [memberIds]`
+: Comma-separated list of IDs of Microsoft Entra ID users that will be group members. Specify either `memberIds` or `memberUserNames`, but not both.
+
+`--memberUserNames [memberUserNames]`
+: Comma-separated list of UPNs of Microsoft Entra ID users that will be group members. Specify either `memberIds` or `memberUserNames`, but not both.
 
 `--isPrivate [isPrivate]`
 : Set to `true` if the Microsoft 365 Group should be private and `false` if it should be public.  
 
 `-l, --logoPath [logoPath]`
-: Local path to the image file to use as group logo
+: Local path to the image file to use as group logo.
 
 `--allowExternalSenders [allowExternalSenders]`
 : Indicates if people external to the organization can send messages to the group. Valid values: `true`, `false`.
@@ -60,7 +66,7 @@ m365 aad m365group set [options]
 
 ## Remarks
 
-When updating group's owners and members, the command will add newly specified users to the previously set owners and members. The previously set users will not be replaced.
+When updating group's owners and members, the command will remove existing owners/members from the group, and the specified users will be added.
 
 When specifying the path to the logo image you can use both relative and absolute paths. Note, that ~ in the path, will not be resolved and will most likely result in an error.
 
@@ -84,16 +90,28 @@ Change Microsoft 365 Group visibility to public.
 m365 entra m365group set --id 28beab62-7540-4db1-a23f-29a6018a3848 --isPrivate `false`
 ```
 
-Add new Microsoft 365 Group owners of group.
+Updates the list of Microsoft 365 Group owners with a list of users by UPN.
+
+```sh
+m365 entra m365group set --id 28beab62-7540-4db1-a23f-29a6018a3848 --ownerUserNames "DebraB@contoso.onmicrosoft.com,DiegoS@contoso.onmicrosoft.com"
+```
+
+Updates the list of Microsoft 365 Group owners with a list of users by ID.
+
+```sh
+m365 entra m365group set --id 28beab62-7540-4db1-a23f-29a6018a3848 --ownerIds "3527dada-9368-4cdd-a958-5460f5658e0e,e94b2cb8-7c9a-4651-b1af-207d81a010b6"
+```
+
+Updates the list of Microsoft 365 Group members with a list of users by UPN.
 
 ```sh
-m365 entra m365group set --displayName 'Project Team' --owners "DebraB@contoso.onmicrosoft.com,DiegoS@contoso.onmicrosoft.com"
+m365 entra m365group set --id 28beab62-7540-4db1-a23f-29a6018a3848 --memberUserNames "DebraB@contoso.onmicrosoft.com,DiegoS@contoso.onmicrosoft.com"
 ```
 
-Add new Microsoft 365 Group members.
+Updates the list of Microsoft 365 Group members with a list of users by ID.
 
 ```sh
-m365 entra m365group set --displayName 'Project Team' --members "DebraB@contoso.onmicrosoft.com,DiegoS@contoso.onmicrosoft.com"
+m365 entra m365group set --id 28beab62-7540-4db1-a23f-29a6018a3848 --memberIds "3527dada-9368-4cdd-a958-5460f5658e0e,e94b2cb8-7c9a-4651-b1af-207d81a010b6"
 ```
 
 Update Microsoft 365 Group logo.
@@ -116,4 +134,4 @@ m365 entra m365group set --id 28beab62-7540-4db1-a23f-29a6018a3848 --autoSubscri
 
 ## Response
 
-The command won't return a response on success.
+The command won't return a response on success.

package/docs/docs/cmd/login.mdx

@@ -47,6 +47,9 @@ m365 login [options]
 
 `--connectionName [connectionName]`
 : Specify an optional name to make switching between connections easier.
+
+`--ensure`
+: Ensures that the user is signed in. if the user isn't signed in, it initiates the login flow
 ```
 
 <Global />
@@ -190,6 +193,12 @@ Log in to Microsoft 365 using a client secret.
 m365 login --authType secret --secret topSeCr3t@007
 ```
 
+Ensures that the user is signed in, initiates the login flow if the user isn't signed in
+
+```sh
+m365 login --ensure
+```
+
 ## Response
 
 <Tabs>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnp/cli-microsoft365",
-  "version": "10.0.0-beta.66db729",
+  "version": "10.0.0-beta.7be7794",
   "description": "Manage Microsoft 365 and SharePoint Framework projects on any platform",
   "license": "MIT",
   "main": "./dist/api.js",