Adding AT PoP skeleton (#2511)

* adding "-AT PoP" option to "Set-MgGraphOptions"

* Adding AT PoP skeleton

---------

Co-authored-by: Tim <timwamalwa@gmail.com>
Co-authored-by: Peter Ombwa <peter.ombwa@microsoft.com>
Co-authored-by: Peter Ombwa <peombwa@microsoft.com>
Co-authored-by: Mustafa Zengin <mzengin88@gmail.com>
Co-authored-by: Clément Notin <cnotin@tenable.com>
Co-authored-by: Microsoft Graph DevX Tooling <GraphTooling@service.microsoft.com>
Co-authored-by: Vincent Biret <vincentbiret@hotmail.com>
Co-authored-by: Vincent Biret <vibiret@microsoft.com>
Co-authored-by: Subhajit Ray (from Dev Box) <subray@microsoft.com>

.azure-pipelines/ci-build.yml

@@ -38,6 +38,8 @@ jobs:
     displayName: Microsoft Graph PowerShell SDK CI Build
     timeoutInMinutes: 840
     steps:
+      - script: |
+          git submodule update --init --recursive
       - template: ./common-templates/install-tools.yml
       - template: ./common-templates/security-pre-checks.yml
 

.azure-pipelines/common-templates/checkout.yml

@@ -10,7 +10,7 @@ steps:
   - checkout: self
     clean: true
     fetchDepth: 1
-    submodules: true
+    submodules: recursive
     persistCredentials: true
 
   - task: PowerShell@2

.azure-pipelines/common-templates/install-tools.yml

@@ -16,7 +16,7 @@ steps:
   - task: NuGetToolInstaller@1
     displayName: Install Nuget
 
-  - task: NuGetAuthenticate@0
+  - task: NuGetAuthenticate@1
 
   - task: PowerShell@2
     displayName: Version Check
@@ -30,10 +30,16 @@ steps:
     displayName: Install NodeJs
     inputs:
       versionSpec: 16.x
-
+      
   - task: Npm@1
     displayName: Install AutoRest
     inputs:
       command: custom
       customCommand: install -g autorest@latest
 
+  - task: Npm@1
+    displayName: Install Rush
+    inputs:
+      command: custom
+      customCommand: install -g @microsoft/rush
+

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "autorest.powershell"]
+	path = autorest.powershell
+	url = https://github.com/microsoftgraph/autorest.powershell
+	branch = powershell-v2

config/ModuleMetadata.json

@@ -27,15 +27,15 @@
   "versions": {
     "authentication": {
       "prerelease": "",
-      "version": "2.11.1"
+      "version": "2.12.0"
     },
     "beta": {
       "prerelease": "",
-      "version": "2.11.1"
+      "version": "2.12.0"
     },
     "v1.0": {
       "prerelease": "",
-      "version": "2.11.1"
+      "version": "2.12.0"
     }
   }
 }

config/ModulesMapping.jsonc

@@ -11,7 +11,7 @@
   "Devices.ServiceAnnouncement": "^admin.serviceAnnouncement$|^admin.Actions$|^admin.Functions$",
   "DeviceManagement": "^deviceManagement.(deviceCompliancePolicy.*|deviceManagementConfigurationPolicy.*|deviceManagementCompliancePolicy.*|deviceManagementConfigurationSettingDefinition.*|deviceConfiguration.*|managedDevice.*|managementCondition.*|microsoftTunnel.*|userExperienceAnalytics.*|windowsInformationProtection.*|deviceManagement|deviceManagement(DerivedCredentialSettings|Intent|ResourceAccessProfileBase|Script|SettingCategory|SettingDefinition|Template|TroubleshootingEvent)|androidForWork(AppConfigurationSchema|Settings)|androidManagedStore(AccountEnterpriseSettings|AppConfigurationSchema)|deviceAndAppManagementAssignmentFilter|deviceCategory|advancedThreatProtectionOnboardingStateSummary|dataSharingConsent|detectedApp|deviceHealthScript|deviceShellScript|embeddedSIMActivationCodePool|groupPolicyConfiguration|macOSSoftwareUpdateAccountSummary|mobileAppTroubleshootingEvent|notificationMessageTemplate|remoteActionAudit|softwareUpdateStatusSummary|windowsMalwareInformation|windowsQualityUpdateProfile)$|^admin.edge$|^deviceManagement.monitoring$|^users.ListCloudPCs$",
   "DeviceManagement.Administration": "^deviceManagement.(virtualEndpoint.*|.*Partner.*|.*Certificate.*|.*role.*|deviceManagement(DomainJoinConnector|ExchangeConnector|ExchangeOnPremisesPolicy)|groupPolicy(Category|Definition|DefinitionFile|MigrationReport|ObjectFile|UploadedDefinitionFile)|auditEvent|cartToClassAssociation|comanagementEligibleDevice|deviceAndAppManagementRoleAssignment|intuneBrandingProfile|iosUpdateDeviceStatus|mobileThreatDefenseConnector|ndesConnector|resourceOperation|restrictedAppsViolation|termsAndConditions)",
-  "DeviceManagement.Enrollment": "^deviceManagement.(.*Enrollment.*|.*Autopilot.*|.*depOnboarding.*|importedDeviceIdentity|onPremisesConditionalAccessSettings|windowsFeatureUpdateProfile)$|^roleManagement.roleManagement$|^roleManagement.rbacApplicationMultiple$",
+  "DeviceManagement.Enrollment": "^deviceManagement.(.*Enrollment.*|.*Autopilot.*|.*depOnboarding.*|importedDeviceIdentity|onPremisesConditionalAccessSettings|windowsFeatureUpdateProfile)$|^roleManagement.roleManagement$|^roleManagement.rbacApplicationMultiple$|^roleManagement.unifiedRbacApplication$",
   "DeviceManagement.Actions": "^deviceManagement.Actions$",
   "DeviceManagement.Functions": "^deviceManagement.Functions$",
   "DirectoryObjects": "^directoryObjects\\.",

docs/authentication.md

@@ -116,6 +116,8 @@ Before using the provided `-AccessToken` to get Microsoft Graph resources, custo
 
 AT PoP is a security mechanism that binds an access token to a cryptographic key that only the intended recipient has. This prevents unauthorized use of the token by malicious actors. AT PoP enhances data protection, reduces token replay attacks, and enables fine-grained authorization policies.
 
+Note: AT PoP requires WAM to function.
+
 Microsoft Graph PowerShell module supports AT PoP in the following scenario:
 
 - To enable AT PoP on supported devices