Using PowerShell to talk to the Office 365 Service Communications API

I created a script to query the old API (before I knew there was a new one).  It works for the most part.  I send 22 variables back to my RMM (N-Central) to use as an alerting tool.  I haven't turned alerting on for it yet because I've still been testing it for the most part.  The one thing I have noticed is that sometimes the messagetext does not always show what it should.  It should show messagetext[0] which would correspond to the last message posted for the service, but sometimes it get skewed.  I'm leaning towards this being an anomaly in the method Microsoft uses to post the messages.  I've spent all night tonight (8+ hours) and an equal amount of time other nights trying to figure out how to port this to the new API but I keep coming up short.  So far the closest I have come is by using the Exch-REST module and using the Get-EXRMSubscriptionContentBlob cmdlet.  See below.

$tenantGUID = "YOURTENANTID"

$test = Get-EXRMSubscriptionContentBlob -ContentURI "https://manage.office.com/api/v1.0/$tenantGUID/ServiceComms/Messages"
# This will net you almost what $Events will from the O365ServiceCommunications module

$test.value | ? {$_.WorkloadDisplayName -ne $null} | FT ID,WorkloadDisplayName,StartTime,EndTime,LastUpdatedTime,Status
$test.value.messages.messagetext

https://gist.github.com/joshuabiddle/7a0e90c671019be0294f199ab257c306 for the script for the previous API.  Let's keep this thread going.  I'd really like to crack the mystery of API v2.  :)

PS: To get the pertinent data from the script you'll want to return $service and $servicemsg for each of the services - these are the variables I am sending back to my RMM.

Cheers,

Josh

PSS: Here are some notes on how to create the Azure App and obtain the oAuth token.

https://docs.microsoft.com/en-us/office/office-365-management-api/

Follow instructions here to create Azure App for Certificate Secret key: https://docs.microsoft.com/en-us/office/office-365-management-api/get-started-with-office-365-management-apis

Here's a video outlining some of the process: https://www.youtube.com/watch?v=WygwzN9FfMQ

# Create certificate, then Export .cer via MMC > Certificates Snap-In > My User Account

$cert = New-SelfSignedCertificate -Type CodeSigningCert -KeySpec Signature `
-Subject "E=my@email.com,CN=My Name" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 -NotAfter ((Get-Date).AddYears(10)) `
-FriendlyName "Company Name Office 365 Service Communications API" `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

# Get values to create oAuth token
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cer.Import("C:\Users\xxxx\xxxx\O365CommAPI.cer")
$bin = $cer.GetRawCertData()
$base64Value = [System.Convert]::ToBase64String($bin)
$bin = $cer.GetCertHash()
$base64Thumbprint = [System.Convert]::ToBase64String($bin)
$keyid = [System.Guid]::NewGuid().ToString()

Error updating manifest?:
"Failed to save manifest. Error details: KeyValueMustBeNull"
https://social.msdn.microsoft.com/Forums/en-US/0e88e784-5e5b-496f-b554-0935ab34b440/cannot-update-keycredential-value-in-azure-application-manifest?forum=WindowsAzureAD
"because the key is already stored. If you go to "Settings -> Keys" and remove the public key stored here it is possible to update it again."

# Create app of type Web app / API in Azure AD, generate a Client Secret, and update the client id and client secret here
$ClientID = "xxxx"
$ClientSecret = "xxxx"
$loginURL = "https://login.microsoftonline.com/"
$tenantdomain = "xxxx"
# Get the tenant GUID from Properties | Directory ID under the Azure Active Directory section
# https://docs.microsoft.com/en-us/onedrive/find-your-office-365-tenant-id
$TenantGUID = "xxxx"
$resource = "https://manage.office.com"
# auth
$body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
$oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}

I'm not exactly sure what to do once you have the token, but this is where I left off - also using the Exch-REST module I was able to somewhat replicate the data obtained from the O365ServiceCommunications module.  Was anyone able to make it any further?