@pnp/cli-microsoft365 7.3.0-beta.d293309 → 7.3.0-beta.e0b37b9

package/dist/m365/aad/commands/administrativeunit/administrativeunit-member-add.js

@@ -0,0 +1,137 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _AadAdministrativeUnitMemberAddCommand_instances, _AadAdministrativeUnitMemberAddCommand_initTelemetry, _AadAdministrativeUnitMemberAddCommand_initOptions, _AadAdministrativeUnitMemberAddCommand_initValidators, _AadAdministrativeUnitMemberAddCommand_initOptionSets;
+import { aadAdministrativeUnit } from "../../../../utils/aadAdministrativeUnit.js";
+import { aadGroup } from "../../../../utils/aadGroup.js";
+import { aadUser } from "../../../../utils/aadUser.js";
+import { validation } from "../../../../utils/validation.js";
+import GraphCommand from "../../../base/GraphCommand.js";
+import commands from "../../commands.js";
+import request from "../../../../request.js";
+import { aadDevice } from "../../../../utils/aadDevice.js";
+class AadAdministrativeUnitMemberAddCommand extends GraphCommand {
+    get name() {
+        return commands.ADMINISTRATIVEUNIT_MEMBER_ADD;
+    }
+    get description() {
+        return 'Adds a member (user, group, device) to an administrative unit';
+    }
+    constructor() {
+        super();
+        _AadAdministrativeUnitMemberAddCommand_instances.add(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initValidators).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initOptionSets).call(this);
+    }
+    async commandAction(logger, args) {
+        let administrativeUnitId = args.options.administrativeUnitId;
+        let memberType;
+        let memberId;
+        try {
+            if (args.options.administrativeUnitName) {
+                if (this.verbose) {
+                    await logger.logToStderr(`Retrieving Administrative Unit Id...`);
+                }
+                administrativeUnitId = (await aadAdministrativeUnit.getAdministrativeUnitByDisplayName(args.options.administrativeUnitName)).id;
+            }
+            if (args.options.userId || args.options.userName) {
+                memberType = 'users';
+                memberId = args.options.userId;
+                if (args.options.userName) {
+                    if (this.verbose) {
+                        await logger.logToStderr(`Retrieving User Id...`);
+                    }
+                    memberId = await aadUser.getUserIdByUpn(args.options.userName);
+                }
+            }
+            else if (args.options.groupId || args.options.groupName) {
+                memberType = 'groups';
+                memberId = args.options.groupId;
+                if (args.options.groupName) {
+                    if (this.verbose) {
+                        await logger.logToStderr(`Retrieving Group Id...`);
+                    }
+                    memberId = await aadGroup.getGroupIdByDisplayName(args.options.groupName);
+                }
+            }
+            else if (args.options.deviceId || args.options.deviceName) {
+                memberType = 'devices';
+                memberId = args.options.deviceId;
+                if (args.options.deviceName) {
+                    if (this.verbose) {
+                        await logger.logToStderr(`Device with name ${args.options.deviceName} retrieved, returned id: ${memberId}`);
+                    }
+                    memberId = (await aadDevice.getDeviceByDisplayName(args.options.deviceName)).id;
+                }
+            }
+            const requestOptions = {
+                url: `${this.resource}/v1.0/directory/administrativeUnits/${administrativeUnitId}/members/$ref`,
+                headers: {
+                    'accept': 'application/json;odata.metadata=none'
+                },
+                data: {
+                    "@odata.id": `https://graph.microsoft.com/v1.0/${memberType}/${memberId}`
+                }
+            };
+            await request.post(requestOptions);
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+}
+_AadAdministrativeUnitMemberAddCommand_instances = new WeakSet(), _AadAdministrativeUnitMemberAddCommand_initTelemetry = function _AadAdministrativeUnitMemberAddCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            userId: typeof args.options.userId !== 'undefined',
+            userName: typeof args.options.userName !== 'undefined',
+            groupId: typeof args.options.groupId !== 'undefined',
+            groupName: typeof args.options.groupName !== 'undefined',
+            deviceId: typeof args.options.deviceId !== 'undefined',
+            deviceName: typeof args.options.deviceName !== 'undefined'
+        });
+    });
+}, _AadAdministrativeUnitMemberAddCommand_initOptions = function _AadAdministrativeUnitMemberAddCommand_initOptions() {
+    this.options.unshift({
+        option: '-i, --administrativeUnitId [administrativeUnitId]'
+    }, {
+        option: '-n, --administrativeUnitName [administrativeUnitName]'
+    }, {
+        option: "--userId [userId]"
+    }, {
+        option: "--userName [userName]"
+    }, {
+        option: "--groupId [groupId]"
+    }, {
+        option: "--groupName [groupName]"
+    }, {
+        option: "--deviceId [deviceId]"
+    }, {
+        option: "--deviceName [deviceName]"
+    });
+}, _AadAdministrativeUnitMemberAddCommand_initValidators = function _AadAdministrativeUnitMemberAddCommand_initValidators() {
+    this.validators.push(async (args) => {
+        if (args.options.administrativeUnitId && !validation.isValidGuid(args.options.administrativeUnitId)) {
+            return `${args.options.administrativeUnitId} is not a valid GUID`;
+        }
+        if (args.options.userId && !validation.isValidGuid(args.options.userId)) {
+            return `${args.options.userId} is not a valid GUID`;
+        }
+        if (args.options.groupId && !validation.isValidGuid(args.options.groupId)) {
+            return `${args.options.groupId} is not a valid GUID`;
+        }
+        if (args.options.deviceId && !validation.isValidGuid(args.options.deviceId)) {
+            return `${args.options.deviceId} is not a valid GUID`;
+        }
+        return true;
+    });
+}, _AadAdministrativeUnitMemberAddCommand_initOptionSets = function _AadAdministrativeUnitMemberAddCommand_initOptionSets() {
+    this.optionSets.push({ options: ['administrativeUnitId', 'administrativeUnitName'] });
+    this.optionSets.push({ options: ['userId', 'userName', 'groupId', 'groupName', 'deviceId', 'deviceName'] });
+};
+export default new AadAdministrativeUnitMemberAddCommand();
+//# sourceMappingURL=administrativeunit-member-add.js.map

package/dist/m365/aad/commands/app/app-permission-add.js

@@ -0,0 +1,237 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _AadAppPermissionAddCommand_instances, _AadAppPermissionAddCommand_initTelemetry, _AadAppPermissionAddCommand_initOptions, _AadAppPermissionAddCommand_initValidators, _AadAppPermissionAddCommand_initOptionSets;
+import { odata } from "../../../../utils/odata.js";
+import GraphCommand from "../../../base/GraphCommand.js";
+import commands from "../../commands.js";
+import request from "../../../../request.js";
+import { validation } from "../../../../utils/validation.js";
+var ScopeType;
+(function (ScopeType) {
+    ScopeType["Role"] = "Role";
+    ScopeType["Scope"] = "Scope";
+})(ScopeType || (ScopeType = {}));
+class AadAppPermissionAddCommand extends GraphCommand {
+    get name() {
+        return commands.APP_PERMISSION_ADD;
+    }
+    get description() {
+        return 'Adds the specified application and/or delegated permissions to a specified Entra ID (Azure AD) app';
+    }
+    constructor() {
+        super();
+        _AadAppPermissionAddCommand_instances.add(this);
+        __classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initValidators).call(this);
+        __classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initOptionSets).call(this);
+    }
+    async commandAction(logger, args) {
+        try {
+            const appObject = await this.getAppObject(args.options);
+            const servicePrincipals = await this.getServicePrincipals();
+            const appPermissions = [];
+            if (args.options.delegatedPermissions) {
+                const delegatedPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.delegatedPermissions, ScopeType.Scope, appPermissions, logger);
+                this.addPermissionsToResourceArray(delegatedPermissions, appObject.requiredResourceAccess);
+            }
+            if (args.options.applicationPermissions) {
+                const applicationPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.applicationPermissions, ScopeType.Role, appPermissions, logger);
+                this.addPermissionsToResourceArray(applicationPermissions, appObject.requiredResourceAccess);
+            }
+            const addPermissionsRequestOptions = {
+                url: `${this.resource}/v1.0/applications/${appObject.id}`,
+                headers: {
+                    accept: 'application/json;odata.metadata=none'
+                },
+                responseType: 'json',
+                data: {
+                    requiredResourceAccess: appObject.requiredResourceAccess
+                }
+            };
+            await request.patch(addPermissionsRequestOptions);
+            if (args.options.grantAdminConsent) {
+                const appServicePrincipal = servicePrincipals.find(sp => sp.appId === appObject.appId);
+                await this.grantAdminConsent(appServicePrincipal, appPermissions, logger);
+            }
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+    async getAppObject(options) {
+        let apps;
+        if (options.appObjectId) {
+            apps = await odata.getAllItems(`${this.resource}/v1.0/applications/${options.appObjectId}?$select=id,appId,requiredResourceAccess`);
+        }
+        else {
+            apps = await odata.getAllItems(`${this.resource}/v1.0/applications(appId='${options.appId}')?$select=id,appId,requiredResourceAccess`);
+        }
+        if (apps.length === 0) {
+            throw `App with ${options.appObjectId ? 'object id' : 'client id'} ${options.appObjectId ? options.appObjectId : options.appId} not found in Entra ID (Azure AD)`;
+        }
+        return apps[0];
+    }
+    async getServicePrincipals() {
+        return await odata.getAllItems(`${this.resource}/v1.0/servicePrincipals?$select=appId,appRoles,id,oauth2PermissionScopes,servicePrincipalNames`);
+    }
+    async grantAdminConsent(servicePrincipal, appPermissions, logger) {
+        for await (const permission of appPermissions) {
+            if (permission.scope.length > 0) {
+                if (this.verbose) {
+                    await logger.logToStderr(`Granting consent for delegated permission(s) with resourceId ${permission.resourceId} and scope(s) ${permission.scope.join(' ')}`);
+                }
+                await this.grantOAuth2Permission(servicePrincipal.id, permission.resourceId, permission.scope.join(' '));
+            }
+            for await (const access of permission.resourceAccess.filter(acc => acc.type === ScopeType.Role)) {
+                if (this.verbose) {
+                    await logger.logToStderr(`Granting consent for application permission with resourceId ${permission.resourceId} and appRoleId ${access.id}`);
+                }
+                await this.addRoleToServicePrincipal(servicePrincipal.id, permission.resourceId, access.id);
+            }
+        }
+    }
+    async grantOAuth2Permission(servicePrincipalId, resourceId, scope) {
+        const grantAdminConsentApplicationRequestOptions = {
+            url: `${this.resource}/v1.0/oauth2PermissionGrants`,
+            headers: {
+                accept: 'application/json;odata.metadata=none'
+            },
+            responseType: 'json',
+            data: {
+                clientId: servicePrincipalId,
+                consentType: 'AllPrincipals',
+                principalId: null,
+                resourceId: resourceId,
+                scope: scope
+            }
+        };
+        return request.post(grantAdminConsentApplicationRequestOptions);
+    }
+    async addRoleToServicePrincipal(servicePrincipalId, resourceId, appRoleId) {
+        const requestOptions = {
+            url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipalId}/appRoleAssignments`,
+            headers: {
+                'content-type': 'application/json;odata.metadata=none'
+            },
+            responseType: 'json',
+            data: {
+                appRoleId: appRoleId,
+                principalId: servicePrincipalId,
+                resourceId: resourceId
+            }
+        };
+        return request.post(requestOptions);
+    }
+    async getRequiredResourceAccessForApis(servicePrincipals, apis, scopeType, appPermissions, logger) {
+        const resolvedApis = [];
+        const requestedApis = apis.split(' ').map(a => a.trim());
+        for await (const api of requestedApis) {
+            const pos = api.lastIndexOf('/');
+            const permissionName = api.substring(pos + 1);
+            const servicePrincipalName = api.substring(0, pos);
+            if (this.verbose) {
+                await logger.logToStderr(`Resolving ${api}...`);
+                await logger.logToStderr(`Permission name: ${permissionName}`);
+                await logger.logToStderr(`Service principal name: ${servicePrincipalName}`);
+            }
+            const servicePrincipal = servicePrincipals.find(sp => (sp.servicePrincipalNames.indexOf(servicePrincipalName) > -1 ||
+                sp.servicePrincipalNames.indexOf(`${servicePrincipalName}/`) > -1));
+            if (!servicePrincipal) {
+                throw `Service principal ${servicePrincipalName} not found`;
+            }
+            let permission = undefined;
+            if (scopeType === ScopeType.Scope) {
+                permission = servicePrincipal.oauth2PermissionScopes.find(scope => scope.value === permissionName);
+            }
+            else if (scopeType === ScopeType.Role) {
+                permission = servicePrincipal.appRoles.find(scope => scope.value === permissionName);
+            }
+            if (!permission) {
+                throw `Permission ${permissionName} for service principal ${servicePrincipalName} not found`;
+            }
+            let resolvedApi = resolvedApis.find(a => a.resourceAppId === servicePrincipal.appId);
+            if (!resolvedApi) {
+                resolvedApi = {
+                    resourceAppId: servicePrincipal.appId,
+                    resourceAccess: []
+                };
+                resolvedApis.push(resolvedApi);
+            }
+            const resourceAccessPermission = {
+                id: permission.id,
+                type: scopeType
+            };
+            resolvedApi.resourceAccess.push(resourceAccessPermission);
+            this.updateAppPermissions(servicePrincipal.id, resourceAccessPermission, permission.value, appPermissions);
+        }
+        return resolvedApis;
+    }
+    updateAppPermissions(spId, resourceAccessPermission, oAuth2PermissionValue, appPermissions) {
+        let existingPermission = appPermissions.find(oauth => oauth.resourceId === spId);
+        if (!existingPermission) {
+            existingPermission = {
+                resourceId: spId,
+                resourceAccess: [],
+                scope: []
+            };
+            appPermissions.push(existingPermission);
+        }
+        if (resourceAccessPermission.type === ScopeType.Scope && oAuth2PermissionValue && !existingPermission.scope.find(scp => scp === oAuth2PermissionValue)) {
+            existingPermission.scope.push(oAuth2PermissionValue);
+        }
+        if (!existingPermission.resourceAccess.find(res => res.id === resourceAccessPermission.id)) {
+            existingPermission.resourceAccess.push(resourceAccessPermission);
+        }
+    }
+    addPermissionsToResourceArray(permissions, existingArray) {
+        permissions.forEach(resolvedRequiredResource => {
+            const requiredResource = existingArray.find(api => api.resourceAppId === resolvedRequiredResource.resourceAppId);
+            if (requiredResource) {
+                // make sure that permission does not yet exist on the app or it will be added twice
+                resolvedRequiredResource.resourceAccess.forEach(resAccess => {
+                    if (!requiredResource.resourceAccess.some(res => res.id === resAccess.id)) {
+                        requiredResource.resourceAccess.push(resAccess);
+                    }
+                });
+            }
+            else {
+                existingArray.push(resolvedRequiredResource);
+            }
+        });
+    }
+}
+_AadAppPermissionAddCommand_instances = new WeakSet(), _AadAppPermissionAddCommand_initTelemetry = function _AadAppPermissionAddCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            appId: typeof args.options.appId !== 'undefined',
+            appObjectId: typeof args.options.appObjectId !== 'undefined',
+            applicationPermissions: typeof args.options.applicationPermissions !== 'undefined',
+            delegatedPermissions: typeof args.options.delegatedPermissions !== 'undefined',
+            grantAdminConsent: !!args.options.grantAdminConsent
+        });
+    });
+}, _AadAppPermissionAddCommand_initOptions = function _AadAppPermissionAddCommand_initOptions() {
+    this.options.unshift({ option: '-i, --appId [appId]' }, { option: '--appObjectId [appObjectId]' }, { option: '-a, --applicationPermissions [applicationPermissions]' }, { option: '-d, --delegatedPermissions [delegatedPermissions]' }, { option: '--grantAdminConsent' });
+}, _AadAppPermissionAddCommand_initValidators = function _AadAppPermissionAddCommand_initValidators() {
+    this.validators.push(async (args) => {
+        if (args.options.appId && !validation.isValidGuid(args.options.appId)) {
+            return `${args.options.appId} is not a valid GUID`;
+        }
+        if (args.options.appObjectId && !validation.isValidGuid(args.options.appObjectId)) {
+            return `${args.options.appObjectId} is not a valid GUID`;
+        }
+        return true;
+    });
+}, _AadAppPermissionAddCommand_initOptionSets = function _AadAppPermissionAddCommand_initOptionSets() {
+    this.optionSets.push({ options: ['appId', 'appObjectId'] });
+    this.optionSets.push({
+        options: ['applicationPermissions', 'delegatedPermissions'],
+        runsWhen: (args) => args.options.delegatedPermissions === undefined && args.options.applicationPermissions === undefined
+    });
+};
+export default new AadAppPermissionAddCommand();
+//# sourceMappingURL=app-permission-add.js.map

package/dist/m365/aad/commands.js

@@ -4,15 +4,17 @@ export default {
     ADMINISTRATIVEUNIT_GET: `${prefix} administrativeunit get`,
     ADMINISTRATIVEUNIT_LIST: `${prefix} administrativeunit list`,
     ADMINISTRATIVEUNIT_REMOVE: `${prefix} administrativeunit remove`,
+    ADMINISTRATIVEUNIT_MEMBER_ADD: `${prefix} administrativeunit member add`,
     ADMINISTRATIVEUNIT_MEMBER_LIST: `${prefix} administrativeunit member list`,
     APP_ADD: `${prefix} app add`,
     APP_GET: `${prefix} app get`,
     APP_LIST: `${prefix} app list`,
     APP_REMOVE: `${prefix} app remove`,
+    APP_SET: `${prefix} app set`,
+    APP_PERMISSION_ADD: `${prefix} app permission add`,
     APP_ROLE_ADD: `${prefix} app role add`,
     APP_ROLE_LIST: `${prefix} app role list`,
     APP_ROLE_REMOVE: `${prefix} app role remove`,
-    APP_SET: `${prefix} app set`,
     APPROLEASSIGNMENT_ADD: `${prefix} approleassignment add`,
     APPROLEASSIGNMENT_LIST: `${prefix} approleassignment list`,
     APPROLEASSIGNMENT_REMOVE: `${prefix} approleassignment remove`,

package/dist/m365/teams/commands/user/user-app-add.js

@@ -3,8 +3,9 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var _TeamsUserAppAddCommand_instances, _TeamsUserAppAddCommand_initOptions, _TeamsUserAppAddCommand_initValidators;
+var _TeamsUserAppAddCommand_instances, _TeamsUserAppAddCommand_initTelemetry, _TeamsUserAppAddCommand_initOptions, _TeamsUserAppAddCommand_initValidators, _TeamsUserAppAddCommand_initOptionSets;
 import request from '../../../../request.js';
+import { formatting } from '../../../../utils/formatting.js';
 import { validation } from '../../../../utils/validation.js';
 import GraphCommand from '../../../base/GraphCommand.js';
 import commands from '../../commands.js';
@@ -18,13 +19,16 @@ class TeamsUserAppAddCommand extends GraphCommand {
     constructor() {
         super();
         _TeamsUserAppAddCommand_instances.add(this);
+        __classPrivateFieldGet(this, _TeamsUserAppAddCommand_instances, "m", _TeamsUserAppAddCommand_initTelemetry).call(this);
         __classPrivateFieldGet(this, _TeamsUserAppAddCommand_instances, "m", _TeamsUserAppAddCommand_initOptions).call(this);
         __classPrivateFieldGet(this, _TeamsUserAppAddCommand_instances, "m", _TeamsUserAppAddCommand_initValidators).call(this);
+        __classPrivateFieldGet(this, _TeamsUserAppAddCommand_instances, "m", _TeamsUserAppAddCommand_initOptionSets).call(this);
     }
     async commandAction(logger, args) {
+        const userId = (args.options.userId ?? args.options.userName);
         const endpoint = `${this.resource}/v1.0`;
         const requestOptions = {
-            url: `${endpoint}/users/${args.options.userId}/teamwork/installedApps`,
+            url: `${endpoint}/users/${formatting.encodeQueryParameter(userId)}/teamwork/installedApps`,
             headers: {
                 'content-type': 'application/json;odata=nometadata',
                 'accept': 'application/json;odata.metadata=none'
@@ -42,22 +46,36 @@ class TeamsUserAppAddCommand extends GraphCommand {
         }
     }
 }
-_TeamsUserAppAddCommand_instances = new WeakSet(), _TeamsUserAppAddCommand_initOptions = function _TeamsUserAppAddCommand_initOptions() {
+_TeamsUserAppAddCommand_instances = new WeakSet(), _TeamsUserAppAddCommand_initTelemetry = function _TeamsUserAppAddCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            userId: typeof args.options.userId !== 'undefined',
+            userName: typeof args.options.userName !== 'undefined'
+        });
+    });
+}, _TeamsUserAppAddCommand_initOptions = function _TeamsUserAppAddCommand_initOptions() {
     this.options.unshift({
         option: '--id <id>'
     }, {
-        option: '--userId <userId>'
+        option: '--userId [userId]'
+    }, {
+        option: '--userName [userName]'
     });
 }, _TeamsUserAppAddCommand_initValidators = function _TeamsUserAppAddCommand_initValidators() {
     this.validators.push(async (args) => {
         if (!validation.isValidGuid(args.options.id)) {
             return `${args.options.id} is not a valid GUID`;
         }
-        if (!validation.isValidGuid(args.options.userId)) {
+        if (args.options.userId && !validation.isValidGuid(args.options.userId)) {
             return `${args.options.userId} is not a valid GUID`;
         }
+        if (args.options.userName && !validation.isValidUserPrincipalName(args.options.userName)) {
+            return `${args.options.userName} is not a valid userName`;
+        }
         return true;
     });
+}, _TeamsUserAppAddCommand_initOptionSets = function _TeamsUserAppAddCommand_initOptionSets() {
+    this.optionSets.push({ options: ['userId', 'userName'] });
 };
 export default new TeamsUserAppAddCommand();
 //# sourceMappingURL=user-app-add.js.map

package/dist/utils/aadDevice.js

@@ -0,0 +1,25 @@
+import { odata } from "./odata.js";
+import { formatting } from "./formatting.js";
+import { cli } from "../cli/cli.js";
+const graphResource = 'https://graph.microsoft.com';
+export const aadDevice = {
+    /**
+     * Get a device by its display name.
+     * @param displayName Device display name.
+     * @returns The device.
+     * @throws Error when device was not found.
+     */
+    async getDeviceByDisplayName(displayName) {
+        const devices = await odata.getAllItems(`${graphResource}/v1.0/devices?$filter=displayName eq '${formatting.encodeQueryParameter(displayName)}'`);
+        if (devices.length === 0) {
+            throw `The specified device '${displayName}' does not exist.`;
+        }
+        if (devices.length > 1) {
+            const resultAsKeyValuePair = formatting.convertArrayToHashTable('id', devices);
+            const selectedDevice = await cli.handleMultipleResultsFound(`Multiple devices with name '${displayName}' found.`, resultAsKeyValuePair);
+            return selectedDevice;
+        }
+        return devices[0];
+    }
+};
+//# sourceMappingURL=aadDevice.js.map

package/docs/docs/cmd/aad/administrativeunit/administrativeunit-member-add.mdx

@@ -0,0 +1,93 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# aad administrativeunit member add
+
+Add a member (user, group, or device) to an administrative unit
+
+## Usage
+
+```sh
+m365 aad administrativeunit member add [options]
+```
+
+## Options
+
+```md definition-list
+`-i, --administrativeUnitId [administrativeUnitId]`
+: The id of the administrative unit. Specify either `administrativeUnitId` or `administrativeUnitName` but not both.
+
+`-n, --administrativeUnitName [administrativeUnitName]`
+: The name of the administrative unit. Specify either `administrativeUnitId` or `administrativeUnitName` but not both.
+
+`--userId [userId]`
+: The id of the user to be added. Specify `userId`, `userName`, `groupId`, `groupName`, `deviceId` or `deviceName`.
+
+`--userName [userName]`
+: The user principal name (UPN) of the user to be added. Specify `userId`, `userName`, `groupId`, `groupName`, `deviceId` or `deviceName`.
+
+`--groupId [groupId]`
+: The id of the group to be added. Specify `userId`, `userName`, `groupId`, `groupName`, `deviceId` or `deviceName`.
+
+`--groupName [groupName]`
+: The name of the group to be added. Specify `userId`, `userName`, `groupId`, `groupName`, `deviceId` or `deviceName`.
+
+`--deviceId [deviceId]`
+: The id of the device to be added. Specify `userId`, `userName`, `groupId`, `groupName`, `deviceId` or `deviceName`.
+
+`--deviceName [deviceName]`
+: The name of the device to be added. Specify `userId`, `userName`, `groupId`, `groupName`, `deviceId` or `deviceName`.
+```
+
+<Global />
+
+## Remarks
+
+:::info
+
+To use this command you must be either **Global Administrator** or **Privileged Role Administrator**.
+
+:::
+
+## Examples
+
+Add a single user specified by id to an administrative unit specified by id
+
+```sh
+m365 aad administrativeunit member add --administrativeUnitId 03c4c9dc-6f0c-4c4f-a4e6-0c9ed80f54c7 --userId 1caf7dcd-7e83-4c3a-94f7-932a1299c844
+```
+
+Add a single user specified by user principal name to an administrative unit specified by name
+
+```sh
+m365 aad administrativeunit member add --administrativeUnitName 'Marketing Division' --userName john.doe@contoso.com
+```
+
+Add a single group specified by id to an administrative unit specified by id
+
+```sh
+m365 aad administrativeunit member add --administrativeUnitId 03c4c9dc-6f0c-4c4f-a4e6-0c9ed80f54c7 --groupId b2307a39-e878-458b-bc90-03bc578531d6
+```
+
+Add a single group specified by name to an administrative unit specified by name
+
+```sh
+m365 aad administrativeunit member add --administrativeUnitName 'Marketing Division' --groupName 'Marketing Group'
+```
+
+Add a single device specified by id to an administrative unit specified by id
+
+```sh
+m365 aad administrativeunit member add --administrativeUnitId 03c4c9dc-6f0c-4c4f-a4e6-0c9ed80f54c7 --deviceId 810c84a8-4a9e-49e6-bf7d-12d183f40d01
+```
+
+Add a single device specified by name to an administrative unit specified by name
+
+```sh
+m365 aad administrativeunit member add --administrativeUnitName 'Marketing Division' --deviceName 'JohnDoe-PC'
+```
+
+## More information
+
+- Administrative units: https://learn.microsoft.com/entra/identity/role-based-access-control/administrative-units

package/docs/docs/cmd/aad/app/app-permission-add.mdx

@@ -0,0 +1,62 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# aad app permission add
+
+Adds the specified application and/or delegated permissions to a specified Entra ID (Azure AD) app
+
+## Usage
+
+```sh
+m365 aad app permission add [options]
+```
+
+## Options
+
+```md definition-list
+`-i, --appId [appId]`
+: Client ID of the Entra ID (Azure AD) app to add the API permissions to. Specify `appId` or `appObjectId` but not both.
+
+`--appObjectId [appObjectId]`
+: Object ID of the Entra ID (Azure AD) app to add the API permissions to. Specify `appId` or `appObjectId` but not both.
+
+`-a, --applicationPermissions [applicationPermissions]`
+: Space-separated list of application permissions to add. Specify at least `applicationPermissions` or `delegatedPermissions`.
+
+`-d, --delegatedPermissions [delegatedPermissions]`
+: Space-separated list of delegated permissions to add. Specify at least `applicationPermissions` or `delegatedPermissions`.
+
+`--grantAdminConsent`
+: When specified, grants application & delegated permissions through admin consent.
+```
+
+<Global />
+
+## Remarks
+
+Scopes/Roles to grant must be fully-qualified so that we can disambiguate them between the different resources.
+
+## Examples
+
+Grant multiple delegated API permissions to an Entra ID (Azure AD) app specified by client id
+
+```sh
+m365 aad app permission add --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --delegatedPermissions 'https://management.azure.com/user_impersonation https://service.flow.microsoft.com/Flows.Read.All https://graph.microsoft.com/Agreement.Read.All'
+```
+
+Grant multiple delegated API permissions to an Entra ID (Azure AD) app specified by object id
+
+```sh
+m365 aad app permission add --appObjectId 'e0306bb2-bf0b-4cc5-a845-a0b2cf11f690' --delegatedPermissions 'https://management.azure.com/user_impersonation https://service.flow.microsoft.com/Flows.Read.All https://graph.microsoft.com/Agreement.Read.All'
+```
+
+Grant multiple app-only permissions to an Entra ID (Azure AD) app specified by client id and grant admin consent
+
+```sh
+m365 aad app permission add --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --applicationPermissions 'https://graph.microsoft.com/Sites.FullControl.All https://microsoft.sharepoint-df.com/Sites.FullControl.All' --grandAdminConsent
+```
+
+## Response
+
+The command won't return a response on success.