Azure AD guest user review solution

Azure Active Directory guest users really simplify the process to collaborate with external users. Although keeping a good governance on guest accounts can become quite a challenge. The two biggest challenges I often observe are: “Who invited that guest user?” and “Does this guest user still need access to our infrastructure?”. Inspired by a recent post of Thomas Kurth regarding Azure AD Guest Account - Governance and Cleanup I also developed a solution which comes quite close to an “Azure AD Access review” like user experience....

July 14, 2020 · 6 min · 1170 words · Nicola Suter

Exploring the new Microsoft Graph PowerShell Module(s)

Microsoft is working on a new set of PowerShell modules grouped under the umbrella of Microsoft.Graph that will (hopefully) cover all the Microsoft Graph resources available. I’ve already used some of them for my Conditional Access Documentation Script and thought they have some notable features worth sharing. Advantages and changes The Microsoft Graph modules use the new Microsoft Authentication Library (MSAL) instead of the old Azure AD Authentication Library (ADAL). The MSAL library in the modules implements a token cache which persists the access and refresh tokens....

May 12, 2020 · 3 min · 570 words · Nicola Suter

Validating a GUID with PowerShell

For some recent Microsoft Graph scripts I wanted to translate some Azure AD Object ID / GUID entries to their respective display name. The array with the GUID’s contained already some readable text. Of course I only wanted to translate the GUID entries with according Graph API requests. Otherwise the Graph requests would fail. Google offered only some fancy regex functions and helpers but I had that .NET function in my mind which looks much nicer compared to whatever regex pattern that I don’t understand....

May 5, 2020 · 1 min · 198 words · Nicola Suter

Document Conditional Access Configuration with my Modern Workplace Concierge

Documenting things sucks. If it involves a lot of klick(edi klack klack) in portals and copying information around even more. But there’s hope. And it’s called automation. For the Intune part Thomas Kurt did already an awesome job with his IntuneDocumentation. Now the Modern Workplace Concierge is ready to help you with documenting your Conditional Access configuration. I promise you: we will get through this within under 15 minutes! Afterwards you can make an impression on your fellow Enterprise Mobility teammates....

April 20, 2020 · 4 min · 696 words · Nicola Suter

Connecting to foreign Intune tenants with Microsoft Graph and PowerShell

If you manage multiple Intune tenants with your Azure AD account (invited as guest in the foreign tenant) we need a way to specify the tenant id we want to connect. Otherwise you will land in your home-tenant every time. This posts shows you how to accomplish that with the Intune PowerShell SDK. If we have a look at the default Graph settings in a PowerShell session with the Intune PowerShell SDK you will notice that all authentication requests will land on the /common endpoint....

January 9, 2020 · 1 min · 165 words · Nicola Suter

Have you already started with Intune automation and Microsoft Graph?

This post has the intention to give you an overview and starting point to automate things with the Microsoft Graph API and PowerShell. While having the focus on Intune and EM+S but the basics are also valid for other Microsoft services. The world is changing and so are you? When talking about automation most people only think about some PowerShell code and scheduled tasks running on whatever box in an environment....

December 19, 2019 · 5 min · 1011 words · Nicola Suter

Application based authentication with the Intune PowerShell SDK using a certificate

As you might have noticed I have been doing quite a lot of automation stuff with Microsoft Graph for Intune and Azure AD. My preferred way to run PowerShell scripts which need to run on a regular basis is to use Azure automation. Unfortunately the official “Intune-PowerShell-SDK” does not support authentication with a client certificate. Therefore I updated the module and will show you how to use it with Azure automation....

December 10, 2019 · 4 min · 678 words · Nicola Suter

Intune export uploaded PowerShell scripts

After you have uploaded a PowerShell script to the Intune portal you won’t be able to view the script or its content. Therefore things become complicated when an Intune tenant is managed by multiple admins and someone wants to update or review a script. In addition to the unknown script content things can go from bad to worse if you can’t find the script anymore. Fortunately we can recollect our PowerShell scripts directly from the Microsoft Graph API....

October 9, 2019 · 1 min · 149 words · Nicola Suter

Calling the Microsoft Graph API via PowerShell without a user

A colleague recently asked me how to access the Microsoft Graph API using PowerShell without specifying his user account or credentials. So here’s a little post about the required configuration to authenticate against the OAuth 2.0 endpoint of Azure AD with an app registration. This is especially useful for automation services like Azure automation. At the end of this post you’ll find a PowerShell template. Gather application information Create a new client secret for your app and note down the following values:...

June 17, 2019 · 2 min · 277 words · Nicola Suter