Streamlined deployment script and updated admin detection in engine

2022-05-27 20:20:28 -07:00 · 2022-05-27 20:20:28 -07:00 · f54306cc7a
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -1,3 +1,4 @@
 {
-    "editor.tabSize": 2
+    "editor.tabSize": 2,
+    "editor.detectIndentation": false
 }
--- a/deploy/appService.bicep
+++ b/deploy/appService.bicep
@ -56,6 +56,7 @@ resource appService 'Microsoft.Web/sites@2021-02-01' = {
    serverFarmId: appServicePlan.id
    keyVaultReferenceIdentity: managedIdentityId
    siteConfig: {
+      alwaysOn: true
      linuxFxVersion: 'COMPOSE|${dockerCompose}'
      acrUseManagedIdentityCreds: true
      acrUserManagedIdentityID: managedIdentityClientId
@ -77,7 +78,7 @@ resource appService 'Microsoft.Web/sites@2021-02-01' = {
          value: '@Microsoft.KeyVault(SecretUri=${keyVaultUri}secrets/ENGINE-ID/)'
        }
        {
-          name: 'ENGINE_SECRET'
+          name: 'ENGINE_APP_SECRET'
          value: '@Microsoft.KeyVault(SecretUri=${keyVaultUri}secrets/ENGINE-SECRET/)'
        }
        {
--- a/deploy/deploy.ps1
+++ b/deploy/deploy.ps1
@ -11,327 +11,386 @@

 # Intake and set global parameters
 Param(
-	[Parameter(Mandatory=$false)]
-  	[string]$location="westus3",
-  	[Parameter(Mandatory=$false)]
-  	[string]$namePrefix="ipam",
-  	[Parameter(Mandatory=$true)]
-  	[string]$tags
+	[Parameter(Mandatory = $false)]
+  [string]$Location = "westus3",
+  [Parameter(Mandatory = $false)]
+  [string]$UIAppName = "ipam-ui-app",
+  [Parameter(Mandatory = $false)]
+  [string]$EngineAppName = "ipam-engine-app",
+  [Parameter(Mandatory = $false)]
+  [string]$NamePrefix = "ipam",
+  [Parameter(Mandatory = $false)]
+  [hashtable]$Tags
 )
-$engineApiGuid = New-Guid
+
+$Env:SuppressAzurePowerShellBreakingChangeWarnings = $true
+
 $logFile = "./deploy_$(get-date -format `"yyyyMMddhhmmsstt`").log"
 $tenantId = (Get-AzContext).Tenant.Id

 # Set preference variables
 $ErrorActionPreference = "Stop"

-Function validateLocation {
-    # Validate Azure Region
-    Write-Host "INFO: Validating Azure Region selected for deployment" -ForegroundColor green
-    Write-Verbose -Message "Validating Azure Region selected for deployment"
-  
-    $validLocations = Get-AzLocation
-    if ($location -in ($validLocations | Select-Object -ExpandProperty Location)) {
-        foreach ($l in $validLocations) {
-            if ($location -eq $l.Location) {
-                $script:locationName = $l.DisplayName
+Function Test-Location {
+  Param(
+    [Parameter(Mandatory=$true)]
+    [string]$Location
+  )

-                Write-Host "INFO: Azure Region validated successfully" -ForegroundColor green
-                Write-Verbose -Message "Azure Region validated successfully"
-            }
-        }
-    }
-    else {
-        Write-Host "ERROR: Location provided is not a valid Azure Region!" -ForegroundColor red
-        exit
-        
-    }
+	$validLocations = Get-AzLocation | Select-Object -ExpandProperty Location
+	return $validLocations.Contains($Location)
 }

-Function deployEngineApplication {
-    $azureSvcMgmtApiPermissionsScope = "user_impersonation"
-    $azureSvcMgmtAppId ="797f4846-ba00-4fd7-ba43-dac1f8f63013"
-    $msGraphApiPermissionsScope = "offline_access openid profile User.Read"
-    $msGraphAppId = "00000003-0000-0000-c000-000000000000"
-    $engineResourceAccess = [System.Collections.ArrayList]@(
+Function Deploy-IPAMApplications {
+  Param(
+    [Parameter(Mandatory=$true)]
+    [string]$EngineAppName,
+    [Parameter(Mandatory=$true)]
+    [string]$UIAppName
+  )
+  
+  $uiResourceAccess = [System.Collections.ArrayList]@(
+    @{
+      ResourceAppId = "00000003-0000-0000-c000-000000000000";
+      ResourceAccess = @(
        @{
-            ResourceAppId = "00000003-0000-0000-c000-000000000000";
-            ResourceAccess = @(
-                @{
-                    Id = "7427e0e9-2fba-42fe-b0c0-848c9e6a8182";
-                    Type = "Scope"
-                },
-                @{
-                    Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d";
-                    Type = "Scope"
-                },
-                @{
-                    Id = "37f7f235-527c-4136-accd-4a02d197296e";
-                    Type = "Scope"
-                },
-                @{
-                    Id = "14dad69e-099b-42c9-810b-d002981feec1";
-                    Type = "Scope"
-                }
-            )
+          Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d";
+          Type = "Scope"
        },
        @{
-            ResourceAppId = "797f4846-ba00-4fd7-ba43-dac1f8f63013";
-            ResourceAccess = @(
-                @{
-                    Id = "41094075-9dad-400e-a0bd-54e686782033";
-                    Type = "Scope"
-                }
-            )
+          Id = "06da0dbc-49e2-44d2-8312-53f166ab848a";
+          Type = "Scope"
+        },
+        @{
+          Id = "37f7f235-527c-4136-accd-4a02d197296e";
+          Type = "Scope"
        }
-    )
+      )
+    }
+  )
+  
+  $uiWebSettings = @{
+    ImplicitGrantSetting = @{
+      EnableAccessTokenIssuance = $true
+      EnableIdTokenIssuance = $true
+    }
+  }

-    # Create IPAM engine application
-    Write-Host "INFO: Creating Azure IPAM Engine Service Principal" -ForegroundColor green
-    Write-Verbose -Message "Creating Azure IPAM Engine Service Principal"
-    $global:engineApp = New-AzADApplication `
-    -DisplayName "ipam-engine-app" `
+  # Create IPAM UI Application
+	Write-Host "INFO: Creating Azure IPAM UI Application" -ForegroundColor green
+	Write-Verbose -Message "Creating Azure IPAM UI Application"
+  $uiApp = New-AzADApplication `
+    -DisplayName $UiAppName `
+    -SPARedirectUri "https://replace-this-value.azurewebsites.net" `
+    -Web $uiWebSettings
+
+  $engineResourceAccess = [System.Collections.ArrayList]@(
+  @{
+    ResourceAppId = "00000003-0000-0000-c000-000000000000";
+    ResourceAccess = @(
+      @{
+        Id = "7427e0e9-2fba-42fe-b0c0-848c9e6a8182";
+        Type = "Scope"
+      },
+      @{
+        Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d";
+        Type = "Scope"
+      },
+      @{
+        Id = "37f7f235-527c-4136-accd-4a02d197296e";
+        Type = "Scope"
+      },
+      @{
+        Id = "14dad69e-099b-42c9-810b-d002981feec1";
+        Type = "Scope"
+      }
+    )
+  },
+  @{
+    ResourceAppId = "797f4846-ba00-4fd7-ba43-dac1f8f63013";
+    ResourceAccess = @(
+      @{
+        Id = "41094075-9dad-400e-a0bd-54e686782033";
+        Type = "Scope"
+      }
+    )
+  }
+)
+
+$engineApiGuid = New-Guid
+
+$engineApiSettings = @{
+  KnownClientApplication = @(
+    $uiApp.AppId
+  )
+  Oauth2PermissionScope = @(
+    @{ 
+      AdminConsentDescription = "Allows the IPAM UI to access IPAM Engine API as the signed-in user."
+      AdminConsentDisplayName = "Access IPAM Engine API"
+      Id = $engineApiGuid
+      IsEnabled = $true
+      Type = "User"
+      UserConsentDescription = "Allow the IPAM UI to access IPAM Engine API on your behalf."
+      UserConsentDisplayName = "Access IPAM Engine API"
+      Value = "access_as_user"
+    }
+  )
+  RequestedAccessTokenVersion = 2
+}
+
+	# Create IPAM Engine Application
+	Write-Host "INFO: Creating Azure IPAM Engine Application" -ForegroundColor green
+	Write-Verbose -Message "Creating Azure IPAM Engine Application"
+  $engineApp = New-AzADApplication `
+    -DisplayName $EngineAppName `
+    -Api $engineApiSettings `
    -RequiredResourceAccess $engineResourceAccess

-    # Update IPAM engine application with API endpoint
-    Update-AzADApplication -ApplicationId $global:engineApp.AppId -IdentifierUri "api://$($global:engineApp.AppId)"
-    
-    # Create IPAM engine service principal
-    $engineSpn = New-AzADServicePrincipal `
-    -ApplicationObject $global:engineApp `
-    -Role "Reader" `
-    -Scope "/providers/Microsoft.Management/managementGroups/$($tenantId)"
+  # Update IPAM Engine API endpoint
+  Write-Host "INFO: Updating Azure IPAM Engine API Endpoint" -ForegroundColor green
+	Write-Verbose -Message "Updating Azure IPAM UI Engine API Endpoint"
+  Update-AzADApplication -ApplicationId $engineApp.AppId -IdentifierUri "api://$($engineApp.AppId)"

-    # Create IPAM engine service principal credential
-    $global:engineSecret = New-AzADAppCredential -ApplicationObject $global:engineApp -StartDate (Get-Date) -EndDate (Get-Date).AddYears(2)
-
-    Write-Host "INFO: Azure IPAM Engine Application & Service Principal created successfully" -ForegroundColor green
-    Write-Verbose -Message "Azure IPAM Engine Application & Service Principal created successfully"
-    
-    # Instantiate Microsoft Graph service principal object
-    $msGraphSpn = Get-AzADServicePrincipal `
-    -ApplicationId $msGraphAppId
-
-    # Instantiate Azure Service Management service principal object
-    $azureSvcMgmtSpn = Get-AzADServicePrincipal `
-    -ApplicationId $azureSvcMgmtAppId
-
-    # Grant admin consent for Microsoft Graph API permissions assigned to IPAM engine application
-    Write-Host "INFO: Granting admin consent for Microsoft Graph API permissions assigned to IPAM Engine Application" -ForegroundColor Green
-    Write-Verbose -Message "Granting admin consent for Microsoft Graph API permissions assigned to IPAM Engine Application"
-    New-MgOauth2PermissionGrant `
-    -ResourceId $msGraphSpn.Id `
-    -Scope $msGraphApiPermissionsScope `
-    -ClientId $engineSpn.Id `
-    -ConsentType AllPrincipals `
-    | Out-Null
-
-    Write-Host "INFO: Admin consent for Microsoft Graph API permissions granted successfully" -ForegroundColor green
-    Write-Verbose -Message "Admin consent for Microsoft Graph API permissions granted successfully"
-
-    # Grant admin consent for Azure Service Management API permissions assigned to IPAM application
-    Write-Host "INFO: Granting admin consent for Azure Service Management API permissions assigned to IPAM ENgine Application" -ForegroundColor Green
-    Write-Verbose -Message "Granting admin consent for Azure Service Management API permissions assigned to IPAM Engine Application"
-    New-MgOauth2PermissionGrant `
-    -ResourceId $azureSvcMgmtSpn.Id `
-    -Scope $azureSvcMgmtApiPermissionsScope `
-    -ClientId $engineSpn.Id `
-    -ConsentType AllPrincipals `
-    | Out-Null
-
-    Write-Host "INFO: Admin consent for Azure Service Management API permissions granted successfully" -ForegroundColor green
-    Write-Verbose -Message "Admin consent for Azure Service Management API API permissions granted successfully"
-
-}
-
-Function deployUiApplication {
-    $engineApiPermissionsScope = "access_as_user"
-    $msGraphAppId = "00000003-0000-0000-c000-000000000000"
-    $msGraphApiPermissionsScope = "Directory.Read.All openid User.Read"
-    $uiResourceAccess = [System.Collections.ArrayList]@(
-        @{
-            ResourceAppId = "00000003-0000-0000-c000-000000000000";
-            ResourceAccess = @(
-                @{
-                    Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d";
-                    Type = "Scope"
-                },
-                @{
-                    Id = "37f7f235-527c-4136-accd-4a02d197296e";
-                    Type = "Scope"
-                },
-                @{
-                    Id = "06da0dbc-49e2-44d2-8312-53f166ab848a";
-                    Type = "Scope"
-                }
-            )
-        },
-        @{
-            ResourceAppId = $global:engineApp.AppId;
-            ResourceAccess = @(
-                @{
-                    Id = $engineApiGuid;
-                    Type = "Scope"
-                }
-            )           
-        }
+  $uiEngineApiAccess =@{
+    ResourceAppId = $engineApp.AppId
+    ResourceAccess = @(
+      @{
+        Id = $engineApiGuid
+        Type = "Scope"
+      }
    )
-    $uiWebSettings = @{
-        ImplicitGrantSetting = @{
-            EnableAccessTokenIssuance = $true
-            EnableIdTokenIssuance = $true
-        }
-    }
+  }

-    # Create IPAM UI Application
-    Write-Host "INFO: Creating Azure IPAM UI Application" -ForegroundColor green
-    Write-Verbose -Message "Creating Azure IPAM UI Application"
-    $global:uiApp = New-AzADApplication `
-    -DisplayName "ipam-ui-app" `
-    -Web $uiWebSettings `
-    -RequiredResourceAccess $uiResourceAccess
+  $uiResourceAccess.Add($uiEngineApiAccess) | Out-Null

-    # Create IPAM UI service principal
-    $uiSpn = New-AzADServicePrincipal -ApplicationObject $global:uiApp
+  # Update IPAM UI Application Resource Access
+	Write-Host "INFO: Updating Azure IPAM UI Application Resource Access" -ForegroundColor green
+	Write-Verbose -Message "Updating Azure IPAM UI Application Resource Access"
+  Update-AzADApplication -ApplicationId $uiApp.AppId -RequiredResourceAccess $uiResourceAccess
+  
+  $uiObject = Get-AzADApplication -ApplicationId $uiApp.AppId
+  $engineObject = Get-AzADApplication -ApplicationId $engineApp.AppId
+  
+  # Create IPAM UI Service Principal
+	Write-Host "INFO: Creating Azure IPAM UI Service Principal" -ForegroundColor green
+	Write-Verbose -Message "Creating Azure IPAM UI Service Principal"
+  New-AzADServicePrincipal -ApplicationObject $uiObject | Out-Null

-    Write-Host "INFO: Azure IPAM UI Application & Service Principal created successfully" -ForegroundColor green
-    Write-Verbose -Message "Azure IPAM UI Application & Service Principal created successfully"
-    
-    # Instantiate Microsoft Graph service principal object
-    $msGraphSpn = Get-AzADServicePrincipal `
-    -ApplicationId $msGraphAppId
+  # Create IPAM Engine Service Principal
+	Write-Host "INFO: Creating Azure IPAM Engine Service Principal" -ForegroundColor green
+	Write-Verbose -Message "Creating Azure IPAM Engine Service Principal"
+  New-AzADServicePrincipal -ApplicationObject $engineObject `
+                           -Role "Reader" `
+                           -Scope "/providers/Microsoft.Management/managementGroups/$tenantId" `
+                           | Out-Null

-    # Instantiate Azure IPAM engine service principal object
-    $engineSpn = Get-AzADServicePrincipal `
-    -ApplicationId $global:engineApp.AppId
+  # Create IPAM Engine Secret
+	Write-Host "INFO: Creating Azure IPAM Engine Secret" -ForegroundColor green
+	Write-Verbose -Message "Creating Azure IPAM Engine Secret"
+  $engineSecret = New-AzADAppCredential -ApplicationObject $engineObject -StartDate (Get-Date) -EndDate (Get-Date).AddYears(2)

-    # Grant admin consent for Microsoft Graph API permissions assigned to IPAM UI application
-    Write-Host "INFO: Granting admin consent for Microsoft Graph API permissions assigned to IPAM UI Application" -ForegroundColor Green
-    Write-Verbose -Message "Granting admin consent for Microsoft Graph API permissions assigned to IPAM UI Application"
-    New-MgOauth2PermissionGrant `
-    -ResourceId $msGraphSpn.Id `
-    -Scope $msGraphApiPermissionsScope `
-    -ClientId $uiSpn.Id `
-    -ConsentType AllPrincipals `
-    | Out-Null
+	Write-Host "INFO: Azure IPAM Engine Application & Service Principal created successfully" -ForegroundColor green
+	Write-Verbose -Message "Azure IPAM Engine Application & Service Principal created successfully"

-    Write-Host "INFO: Admin consent for Microsoft Graph API permissions granted successfully" -ForegroundColor green
-    Write-Verbose -Message "Admin consent for Microsoft Graph API permissions granted successfully"
-
-    # Grant admin consent for Azure Service Management API permissions assigned to IPAM application
-    Write-Host "INFO: Granting admin consent for Azure IPAM Engine API permissions assigned to IPAM UI Application" -ForegroundColor Green
-    Write-Verbose -Message "Granting admin consent for Azure IPAM Engine API permissions assigned to IPAM UI Application"
-    New-MgOauth2PermissionGrant `
-    -ResourceId $engineSpn.Id `
-    -Scope $engineApiPermissionsScope `
-    -ClientId $uiSpn.Id `
-    -ConsentType AllPrincipals `
-    | Out-Null
-
-    Write-Host "INFO: Admin consent for Azure IPAM Engine API permissions granted successfully" -ForegroundColor green
-    Write-Verbose -Message "Admin consent for Azure IPAM Engine API API permissions granted successfully"
+  $appDetails = @{
+    UIAppId      = $uiApp.AppId
+    EngineAppId  = $engineApp.AppId
+    EngineSecret = $engineSecret.SecretText
+  }

+  return $appDetails
 }

-Function updateEngineApplication {
-    $engineApiSettings = @{
-        KnownClientApplication = @(
-          $global:uiApp.AppId
-        )
-        Oauth2PermissionScope = @(
-        	@{
-            	AdminConsentDescription = "Allows the IPAM UI to access IPAM Engine API as the signed-in user."
-				AdminConsentDisplayName = "Access IPAM Engine API"
-				Id = $engineApiGuid
-				IsEnabled = $true
-				Type = "User"
-				UserConsentDescription = "Allow the IPAM UI to access IPAM Engine API on your behalf."
-				UserConsentDisplayName = "Access IPAM Engine API"
-				Value = "access_as_user"
-          	}
-        )
-        RequestedAccessTokenVersion = 2
-    }
+Function Deploy-Bicep {
+  Param(
+    [Parameter(Mandatory=$true)]
+    [string]$UIAppId,
+    [Parameter(Mandatory=$true)]
+    [string]$EngineAppId,
+    [Parameter(Mandatory=$true)]
+    [string]$EngineSecret,
+    [Parameter(Mandatory=$false)]
+    [string]$NamePrefix,
+    [Parameter(Mandatory=$false)]
+    [hashtable]$Tags
+  )

-    # Update IPAM engine application API settings
-    Write-Host "INFO: Updating Azure IPAM Engine Application" -ForegroundColor green
-    Write-Verbose -Message "Updating Azure IPAM Engine Application"
-    Update-AzADApplication -ApplicationId $global:engineApp.AppId -Api $engineApiSettings
-
-    
-    Write-Host "INFO: Updated Azure IPAM Engine Application successfully" -ForegroundColor green
-    Write-Verbose -Message "Updated Azure IPAM Engine Application successfully"
-
-}
-
-Function deployBicep {
-    Write-Host "INFO: Deploying IPAM bicep templates" -ForegroundColor green
-    Write-Verbose -Message "Deploying bicep templates"
+	Write-Host "INFO: Deploying IPAM bicep templates" -ForegroundColor green
+	Write-Verbose -Message "Deploying bicep templates"

 	# Instantiate deployment parameter object
-    $deploymentParameters = @{
-        'engineAppId' = $global:engineApp.AppId
-        'engineAppSecret' = $global:engineSecret.SecretText
-        'namePrefix' = $namePrefix
-        'uiAppId' = $global:uiApp.AppId
-    }
+	$deploymentParameters = @{
+		engineAppId     = $EngineAppId
+		engineAppSecret = $EngineSecret
+		uiAppId         = $UiAppId
+	}
+
+  if($NamePrefix) {
+    $deploymentParameters.Add('namePrefix', $NamePrefix)
+  }
+
+  if($Tags) {
+	  # $tagsParameter = $tags | ConvertFrom-Json -AsHashtable
+    $deploymentParameters.Add('tags', $Tags)
+  }

-    $tagsParameter = $tags | ConvertFrom-Json -AsHashtable
-    
-    $deploymentParameters.Add('tags',$tagsParameter)
-    
 	# Deploy IPAM bicep template
-    $global:deployment = New-AzSubscriptionDeployment `
-    -Name "ipamInfraDeploy-$(Get-Date -Format `"yyyyMMddhhmmsstt`")" `
-    -Location $location `
-    -TemplateFile main.bicep `
-    -TemplateParameterObject $deploymentParameters
+	$deployment = New-AzSubscriptionDeployment `
+	  -Name "ipamInfraDeploy-$(Get-Date -Format `"yyyyMMddhhmmsstt`")" `
+	  -Location $location `
+	  -TemplateFile main.bicep `
+	  -TemplateParameterObject $deploymentParameters

 	Write-Host "INFO: IPAM bicep templates deployed successfully" -ForegroundColor green
 	Write-Verbose -Message "IPAM bicep template deployed successfully"
-    
+
+  return $deployment
 }

-Function updateUiApplication {
-    Write-Host "INFO: Updating UI Application with SPA configuration" -ForegroundColor green
-    Write-Verbose -Message "Updating UI Application with SPA configuration"
-  
-    $uiAppId = $global:deployment.Parameters["uiAppId"].Value
-    $appServiceEndpoint = "https://$($global:deployment.Outputs["appServiceHostName"].Value)"
-  
+Function Update-UIApplication {
+  Param(
+    [Parameter(Mandatory=$true)]
+    [string]$UIAppId,
+    [Parameter(Mandatory=$true)]
+    [string]$Endpoint
+  )
+
+	Write-Host "INFO: Updating UI Application with SPA configuration" -ForegroundColor green
+	Write-Verbose -Message "Updating UI Application with SPA configuration"
+
+	$appServiceEndpoint = "https://$Endpoint"
+
 	# Update UI Application with single-page application configuration
-    Update-AzADApplication -ApplicationId $uiAppId -SPARedirectUri $appServiceEndpoint 
+	Update-AzADApplication -ApplicationId $UIAppId -SPARedirectUri $appServiceEndpoint 
+
+	Write-Host "INFO: UI Application SPA configuration update complete" -ForegroundColor green
+	Write-Verbose -Message "UI Application SPA configuration update complete"
+}
+
+Function Grant-AdminConsent {
+  Param(
+    [Parameter(Mandatory=$true)]
+    [string]$UIAppId,
+    [Parameter(Mandatory=$true)]
+    [string]$EngineAppId
+  )
+
+  $uiGraphScopes = [System.Collections.ArrayList]@(
+    @{
+      scopeId = "00000003-0000-0000-c000-000000000000"
+      scopes = "openid User.Read Directory.Read.All"
+    }
+  )
  
-    Write-Host "INFO: UI Application SPA configuration update complete" -ForegroundColor green
-    Write-Verbose -Message "UI Application SPA configuration update complete"
+  $engineGraphScopes = [System.Collections.ArrayList]@(
+    @{
+      scopeId = "797f4846-ba00-4fd7-ba43-dac1f8f63013"
+      scopes = "user_impersonation"
+    }
+    @{
+      scopeId = "00000003-0000-0000-c000-000000000000"
+      scopes = "offline_access openid profile User.Read"
+    }
+  )
+
+  # Get Microsoft Graph Access Token
+	$accesstoken = (Get-AzAccessToken -Resource "https://graph.microsoft.com/").Token
+
+  # Connect to Microsoft Graph
+	Write-Host "INFO: Logging in to Microsoft Graph" -ForegroundColor green
+	Write-Verbose -Message "Logging in to Microsoft Graph"
+	Connect-MgGraph -AccessToken $accesstoken | Out-Null
+
+  # Fetch Azure IPAM UI Service Principal
+  $uiSpn = Get-AzADServicePrincipal `
+    -ApplicationId $UIAppId
+
+  # Fetch Azure IPAM Engine Service Principal
+  $engineSpn = Get-AzADServicePrincipal `
+    -ApplicationId $EngineAppId
+
+	# Grant admin consent for Microsoft Graph API permissions assigned to IPAM UI application
+	Write-Host "INFO: Granting admin consent for Microsoft Graph API permissions assigned to IPAM UI Application" -ForegroundColor Green
+	Write-Verbose -Message "Granting admin consent for Microsoft Graph API permissions assigned to IPAM UI Application"
+  foreach($scope in $uiGraphScopes) {
+    $msGraphId = Get-AzADServicePrincipal `
+      -ApplicationId $scope.scopeId
  
+    New-MgOauth2PermissionGrant `
+      -ResourceId $msGraphId.Id `
+      -Scope $scope.scopes `
+      -ClientId $uiSpn.Id `
+      -ConsentType AllPrincipals `
+      | Out-Null
+  }
+
+	Write-Host "INFO: Admin consent for Microsoft Graph API permissions granted successfully" -ForegroundColor green
+	Write-Verbose -Message "Admin consent for Microsoft Graph API permissions granted successfully"
+
+	# Grant admin consent for Azure Service Management API permissions assigned to IPAM application
+	Write-Host "INFO: Granting admin consent for Azure Service Management API permissions assigned to IPAM Engine Application" -ForegroundColor Green
+	Write-Verbose -Message "Granting admin consent for Azure Service Management API permissions assigned to IPAM Engine Application"
+  New-MgOauth2PermissionGrant `
+    -ResourceId $engineSpn.Id `
+    -Scope "access_as_user" `
+    -ClientId $uiSpn.Id `
+    -ConsentType AllPrincipals `
+    | Out-Null
+
+  Write-Host "INFO: Admin consent for Azure Service Management API permissions granted successfully" -ForegroundColor green
+  Write-Verbose -Message "Admin consent for Azure Service Management API API permissions granted successfully"
+
+  # Grant admin consent for Microsoft Graph API permissions assigned to IPAM engine application
+	Write-Host "INFO: Granting admin consent for Microsoft Graph API permissions assigned to IPAM Engine Application" -ForegroundColor Green
+	Write-Verbose -Message "Granting admin consent for Microsoft Graph API permissions assigned to IPAM Engine Application"
+  foreach($scope in $engineGraphScopes) {
+    $msGraphId = Get-AzADServicePrincipal `
+      -ApplicationId $scope.scopeId
+  
+    New-MgOauth2PermissionGrant `
+      -ResourceId $msGraphId.Id `
+      -Scope $scope.scopes `
+      -ClientId $engineSpn.Id `
+      -ConsentType AllPrincipals `
+      | Out-Null
+  }
+
+	Write-Host "INFO: Admin consent for Microsoft Graph API permissions granted successfully" -ForegroundColor green
+	Write-Verbose -Message "Admin consent for Microsoft Graph API permissions granted successfully"
 }

 try {
-    # Connect to Microsoft Graph
-    $accesstoken = (Get-AzAccessToken -Resource "https://graph.microsoft.com/").Token
+  # Validate Azure Region
+	Write-Host "INFO: Validating Azure Region selected for deployment" -ForegroundColor green
+	Write-Verbose -Message "Validating Azure Region selected for deployment"

-    Connect-MgGraph -AccessToken $accesstoken
+	if (Test-Location -Location $Location) {
+    Write-Host "INFO: Azure Region validated successfully" -ForegroundColor green
+    Write-Verbose -Message "Azure Region validated successfully"
+  } else {
+		Write-Host "ERROR: Location provided is not a valid Azure Region!" -ForegroundColor red
+		exit
+  }

-    validateLocation $location
+	$appDetails = Deploy-IPAMApplications `
+    -UIAppName $UIAppName `
+    -EngineAppName $EngineAppName

-    deployEngineApplication
+	Grant-AdminConsent `
+    -UIAppId $appDetails.UIAppId `
+    -EngineAppId $appDetails.EngineAppId

-    deployUiApplication
+	$deployment = Deploy-Bicep @appDetails

-    updateEngineApplication
-
-    deployBicep
-
-    updateUiApplication
+	Update-UIApplication `
+    -UIAppId $appDetails.UIAppId `
+    -Endpoint $deployment.Outputs["appServiceHostName"].Value

 	Write-Host "INFO: Azure IPAM Solution deployed successfully" -ForegroundColor green
 	Write-Verbose -Message "Azure IPAM Solution deployed successfully"
-
 }
 catch {
-    $_ | Out-File -FilePath $logFile -Append
-    Write-Host "ERROR: Unable to deploy Azure IPAM solution due to an exception, see $logFile for detailed information!" -ForegroundColor red
-    exit
-
+	$_ | Out-File -FilePath $logFile -Append
+	Write-Host "ERROR: Unable to deploy Azure IPAM solution due to an exception, see $logFile for detailed information!" -ForegroundColor red
+	exit
 }
--- a/deploy/main.bicep
+++ b/deploy/main.bicep
@ -8,7 +8,7 @@ param guid string = newGuid()
 param location string = deployment().location

@description('Prefix for Resource Naming')
-param namePrefix string
+param namePrefix string = 'ipam'

@description('IPAM-UI App Registration Client/App ID')
 param uiAppId string
@ -21,7 +21,7 @@ param engineAppId string
 param engineAppSecret string

@description('Tags')
-param tags object
+param tags object = {}

 // Resource naming variables
 var appServiceName = '${namePrefix}-${uniqueString(guid)}'
--- a/engine/app/routers/user.py
+++ b/engine/app/routers/user.py
@ -140,7 +140,10 @@ async def get_user(

    admins = await cosmos_query("admins")

-    is_admin = next((x for x in admins['admins'] if x['id'] == target_user['id']), None)
+    if admins['admins']:
+      is_admin = next((x for x in admins['admins'] if x['id'] == target_user['id']), None)
+    else:
+      is_admin = True

    target_user['isAdmin'] = True if is_admin else False

--- a/ui/src/features/login/Login.js
+++ b/ui/src/features/login/Login.js
@ -23,6 +23,15 @@ const Login = () => {
    }
  }, [isAuthenticated, inProgress, instance]);

+  // React.useEffect(() => {
+  //   instance.loginRedirect(loginRequest).catch((e) => {
+  //     console.log("LOGIN ERROR:");
+  //     console.log("--------------");
+  //     console.error(e);
+  //     console.log("--------------");
+  //   });
+  // }, []);
+
  return(null)
 };