AzureAD / M365 – View all active role assignments

As I am implementing many Conditional Access Policies and scope them to specific roles, I want to know which admins will be effected, in advance. But I am too lazy to go through all roles by hand, so I wrote following script: Nothing too fancy, but re-usable. But be aware: Roles “eligable” via PIM “eligable” Read more about AzureAD / M365 – View all active role assignments[…]

Invoke-RestMethod : {“error”:{“code”:”InvalidAuthenticationTokenTenant”,”message”:”The access token is from the wrong issuer

A little bit shorter this time…. If you retrieved to many AccessTokens geholt and are trying to make a REST Call, this might happen: Invoke-RestMethod : {“error”:{“code”:”InvalidAuthenticationTokenTenant”,”message”:”The access token is from the wrong issuer You’ve got too many tokens, and PowerShell doesn’t know which one to use. Which we can see like this: The easiest Read more about Invoke-RestMethod : {“error”:{“code”:”InvalidAuthenticationTokenTenant”,”message”:”The access token is from the wrong issuer[…]

News: Group Based Licensing Conflict

If you are using Group Based Licensing to create a bundle which excludes Exchange…There’s a new plan –> Microsoft Bookings. But it depends on Exchange Online. Microsoft was so kind and activated this license within your Group Based Licensing, which causes errors… Better check your customer’s setup!

1st Azure Meetup – Mannheim

What a start! On November 27th 2019 it was finally time: The group “Azure Meetup Mannheim” had its first event outside the Bootcamp-events. And it was a blast. ( Here are the facts: 1st Meetup 50 Guests 2 Speaker 90 Minutes presentations 29 Pizzas 2 Crates of beer Douzends of giveaways One community If you Read more about 1st Azure Meetup – Mannheim[…]

Which connector group publishes and Azure Application Proxy app?

I had the issue that I need Enterprise Applications to be published via another Connector Group. Azure doesn’t only not show a reliable value of how many app are using a specific Connector Group, but also doesn’t show which those are. So I wrote this little script to take care of it:

Azure Application Proxy – Replace Certificate

Every year again… comes a new SSL-certificate and want to be replaced. Since doing so within the Azure Portal is quite a tedious task, here’s a script that gets the work done quite easily and fast. Simply adjust the constants in the script’s header, and you’re all set.

Custom RBAC Role in Azure

Um innerhalb vom Azure Resource Manager granularere Berechtigungen zu verteilen, braucht man customized Rollen. Dieses lassen sich per Shell erstellen. In diesem Beispiel möchte ich den Kollegen Contributor Rechte auf deren ResourceGroups geben, jedoch verhindern, dass sie irgendetwas am Netzwerk-Stack ändern können:

Möchte man nun nicht nur Befehle ausschließen, sondern in weiteren Rollen auch Read more about Custom RBAC Role in Azure[…]