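# Provisions the identity used by the "Azure Maintenance Mode Scheduler" app:
#   1. signs in to Azure,
#   2. creates a service principal (its generated secret is read from the result),
#   3. creates a custom RBAC role scoped to one subscription,
#   4. assigns that role to the service principal at subscription scope,
#   5. prints the tenant ID, client ID and client secret for the application.
# The signed-in account presumably needs rights to create service principals,
# role definitions and role assignments - confirm before running.

# Connect to Azure (the result is captured only to keep it out of the output)
$Azure = Connect-AzAccount

# Create the service principal; the generated secret is read from the returned object
$sp = New-AzADServicePrincipal -DisplayName "Azure Maintenance Mode Scheduler"
$secret = $sp.PasswordCredentials.SecretText
$AppID = $sp.AppId

# Use the tenant of the current context, i.e. the one the service principal was
# just created in. Get-AzTenant can return several tenants, in which case the
# printed "tenant ID" would be a space-joined list instead of a single ID.
$tenantId = (Get-AzContext).Tenant.Id

# Gets the Azure subscription. Note: if you only want to use this with one
# specific subscription, change this line.
# NOTE(review): [0] is whichever subscription Get-AzSubscription lists first;
# confirm it is the intended one and belongs to the tenant above.
$azSubscription = Get-AzSubscription
$azSubID = $azSubscription[0].Id
$fullSubscription = "/subscriptions/$azSubID"

# Create the custom role definition
$role = [Microsoft.Azure.Commands.Resources.Models.Authorization.PSRoleDefinition]::new()
$role.Name = 'Azure Maintenance Mode Scheduler Role'
$role.Description = 'Azure Maintenance Mode Scheduler Role'
$role.IsCustom = $true
$perms = 'Microsoft.Insights/ScheduledQueryRules/Write','Microsoft.Insights/ScheduledQueryRules/Read'
# NOTE(review): 'workspaces/*' grants every action on Log Analytics workspaces
# (write and delete included) across the whole subscription. If the scheduler
# only needs to read or query workspaces, narrow this to those actions.
$perms += 'Microsoft.Insights/ScheduledQueryRules/Delete','Microsoft.OperationalInsights/workspaces/*'
$perms += 'Microsoft.Insights/ActionGroups/Read'
$role.Actions = $perms
# The role can only be assigned within this one subscription
$role.AssignableScopes = $fullSubscription
# -Debug is dropped: the debug stream of Az cmdlets dumps raw HTTP
# request/response detail into the console and any transcript, and on Windows
# PowerShell 5.1 it pauses for confirmation on each message. -Verbose is kept.
$myRole = New-AzRoleDefinition -Role $role -Verbose

# Assign the service principal to the role definition at subscription scope
$roleAssignment = New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionId $myRole.Id -Scope $fullSubscription #-Verbose -Debug

# Output values for the application.
# NOTE(review): the client secret is written in clear text to the output stream,
# so it ends up in console scrollback, Start-Transcript files and CI logs. Run
# this only in an interactive session you control, move the value straight into
# a secret store (e.g. Key Vault), and rotate it if the output was captured.
"Directory (tenant) ID " + $tenantId
"Application (client) ID: " + $AppID
"Client Secret: " + $secret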