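<#
.SYNOPSIS
    Creates a custom "Site Admins" permission level and a group of the same
    name on each site collection returned by Get-SPOSite, then binds the
    permission level to the group on the root web.

.PARAMETER AdminUrl
    URL passed to Connect-SPOService (the SharePoint Online admin endpoint).

.PARAMETER UserName
    Account used for the admin connection and for every per-site CSOM context.

.PARAMETER Password
    Password for UserName, supplied as plain text.

.NOTES
    Review points for whoever runs or maintains this script:
      * -Password is a plain [string], so the value can end up in shell
        history, transcripts and the process command line. The parameter is
        kept for compatibility with existing callers; prefer feeding it from
        a secret store rather than typing it inline.
      * The permission level includes ManagePermissions, ManageSubwebs and
        CreateGroups, so members of the resulting group can change who has
        access to the site. Treat membership of "Site Admins" as privileged
        and include it in access reviews.
      * The change is applied to every site in $sites, not to a reviewed
        subset.
#>
Param(
    [Parameter(Mandatory=$true)][string]$AdminUrl,
    [Parameter(Mandatory=$true)][string]$UserName,
    [Parameter(Mandatory=$true)][string]$Password
)

# Load the SharePoint client (CSOM) assemblies used for the per-site calls.
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

# -AsPlainText -Force is required because the password arrives as a plain string.
$SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force

# One credential object for the SPO management cmdlets, one for CSOM.
# NOTE(review): both are user-name/password sign-ins; confirm this still works
# for the account in use (e.g. when MFA or legacy-auth blocking is enforced).
$Credentials = New-Object System.Management.Automation.PSCredential($Username, $SecurePassword)
$SPOCreds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $SecurePassword)

Connect-SPOService -Url $AdminUrl -Credential $Credentials

# NOTE(review): Get-SPOSite returns at most 200 site collections unless -Limit
# is given, so larger tenants are only partly processed. Left unchanged here so
# the script does not silently widen its own scope.
$sites = Get-SPOSite

$PermName = "Site Admins"
$PermDescription = "Custom Owners Permission Level"

# The permission list is the same for every site, so parse it once.
# Entries after the first carry a leading space; trim them so the conversion
# to the permission enum does not depend on implicit whitespace handling.
$permissionlevel = "ViewListItems, AddListItems, EditListItems, DeleteListItems, ApproveItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout, ManagePersonalViews, ManageLists, ViewFormPages, Open, ViewPages, ViewUsageData, ManageSubwebs, CreateGroups, ManagePermissions, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, ManageAlerts, CreateAlerts, EditMyUserInfo, EnumeratePermissions"
$permissions = $permissionlevel.Split(",") | ForEach-Object { $_.Trim() }

foreach ($site in $sites) {
    $Context = New-Object Microsoft.SharePoint.Client.ClientContext($site.Url)
    try {
        $Context.Credentials = $SPOCreds
        $Web = $Context.Web
        $Context.Load($Web)

        # Fetch the existing permission levels and groups so a re-run can tell
        # what is already in place instead of failing on a duplicate name.
        $RoleDefinitionCol = $Web.RoleDefinitions
        $Context.Load($RoleDefinitionCol)
        $SiteGroupCol = $Web.SiteGroups
        $Context.Load($SiteGroupCol)
        $Context.ExecuteQuery()

        $permExists = $false
        foreach ($existingRole in $RoleDefinitionCol) {
            if ($existingRole.Name -eq $PermName) {
                $permExists = $true
                break
            }
        }

        $groupExists = $false
        foreach ($existingGroup in $SiteGroupCol) {
            if ($existingGroup.Title -eq $PermName) {
                $groupExists = $true
                break
            }
        }

        if (-not $permExists) {
            # Build the permission mask and create the permission level.
            $spBasePerm = New-Object Microsoft.SharePoint.Client.BasePermissions
            foreach ($perm in $permissions) {
                $spBasePerm.Set($perm)
            }

            $spRoleDef = New-Object Microsoft.SharePoint.Client.RoleDefinitionCreationInformation
            $spRoleDef.Name = $PermName
            $spRoleDef.Description = $PermDescription
            $spRoleDef.BasePermissions = $spBasePerm

            # Assign to $null so the returned object is not written to the pipeline.
            $null = $Web.RoleDefinitions.Add($spRoleDef)
            $Context.ExecuteQuery()
        }

        if ($groupExists) {
            # Do not bind an elevated permission level to a group this run did
            # not create: its membership is unknown here.
            Write-Warning "Group '$PermName' already exists on $($site.Url); group creation and binding skipped."
            continue
        }

        # Create the group.
        $NewGroup = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
        $NewGroup.Title = $PermName
        $NewGroup.Description = $PermDescription
        $AdminGroup = $Context.Web.SiteGroups.Add($NewGroup)

        # Retrieve the permission level and bind it to the new group.
        $PermissionLevel = $Context.Web.RoleDefinitions.GetByName($PermName)
        $RoleDefBind = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Context)
        $RoleDefBind.Add($PermissionLevel)
        $Assignments = $Context.Web.RoleAssignments
        $null = $Assignments.Add($AdminGroup, $RoleDefBind)
        $Context.Load($AdminGroup)
        $Context.ExecuteQuery()
    }
    catch {
        # Report the failing site and move on; without this, later statements
        # for the same site would keep running against a half-applied state.
        Write-Warning "Failed to configure '$PermName' on $($site.Url): $($_.Exception.Message)"
    }
    finally {
        # ClientContext is disposable; release it before the next site.
        $Context.Dispose()
    }
}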