I had the issue that I need Enterprise Applications to be published via another Connector Group. Azure doesn’t only not show a reliable value of how many app are using a specific Connector Group, but also doesn’t show which those are. So I wrote this little script to take care of it:
Today it’s all about the money… oh well, about saving money.Out of the box, Azure gives us the possibility to shutdown VMs at certain times. There is even option to switch them on at certain times, using Automation Accounts. But either per ResourceGroup or for the complete subscription. I needed more dynamic in terms of Read more about Automatically start and stop Azure VMs[…]
Every year again… comes a new SSL-certificate and want to be replaced. Since doing so within the Azure Portal is quite a tedious task, here’s a script that gets the work done quite easily and fast. Simply adjust the constants in the script’s header, and you’re all set.
So, you need to be able to provide an MFA Reset method to you colleagues (service desk, etc.), but don’t fancy buying a Azure AD P2 (or E5) license to provide PIM? And of course you don’t want 20 colleagues to be global administrator… but doing it yourself everytime is somewhat useless? Here’s your way Read more about MFA Reset without Global Administrator rights.[…]
It took me quite a while figuring this one out and understanding it. I hope this article helps you save some time. So you want to “automate stuff” with PowerShell via REST API, without a user account? Here’s your tutorial. Remark: In order to do anything, we still need to authenticate somehow… This is done Read more about PowerShell and REST API: Part 1[…]
Having “historically grown” structures it could happen that you lose the overview of all role assisgnments in Azure AD. With this script you can create a report: Import-Module AzureAD Connect-AzureAD $AllAzureADDirectoryRoles = Get-AzureADDirectoryRole $Table = @() Foreach ($AzureADDirectoryRole in $AllAzureADDirectoryRoles){ Foreach($User in ($AzureADDirectoryRole | Get-AzureADDirectoryRoleMember)){ $Row = “” | Select DirectoryRole,UserPrincipalName $Row.DirectoryRole = $AzureADDirectoryRole.DisplayName $Row.UserPrincipalName Read more about Report all Azure AD role assignments[…]
It could become necessary to treat an Azure AD Guest like “proper” user. I.e. in order to assign him O365 licenses. In our case we had to have a user which is a full blown member in 2 Azure AD tenants in order to move a VSTS subscription from one tenant to another. The steps Read more about Convert Azure AD Guest to member[…]
Um innerhalb vom Azure Resource Manager granularere Berechtigungen zu verteilen, braucht man customized Rollen. Dieses lassen sich per Shell erstellen. In diesem Beispiel möchte ich den Kollegen Contributor Rechte auf deren ResourceGroups geben, jedoch verhindern, dass sie irgendetwas am Netzwerk-Stack ändern können: # Laden und anmelden Import-Module AzureRM Login-AzureRMAccount # Die Konfig muss als JSON Read more about Custom RBAC Role in Azure[…]
Noch ein Module das der moderne Microsoft Admin braucht: AzureAD Shell als Admin öffnen: Find-Module AzureAD | Install-Module Connect-AzureAD Und auch hier wird MFA unterstützt. Eine Liste aller Befehle bekommt man z.B. mit: Get-Command *AzureAD*
Man merkt, dieses MFA Thema macht es einem manchmal etwas schwieriger… Aber naja, Sicherheit ist selten bequem. Um die gesamte Palette Office 365 Security & Compliance Center also auch bei aktiviertem MFA mittels Powershell zu managen, muss man einen Umweg gehen. Zuerst bitte diesem Beitrag folgen: Exchange Online PowerShell mit MFA Wenn das erledigt ist, Read more about Office 365 Security & Compliance Center mittels PowerShell verwalten, wenn MFA aktiviert ist[…]