Alexander Filipin AlexFilipin
AlexFilipin
/ AzureAutomationGraph.ps1
Last active
September 20, 2023 22:31
Azure Automation Managed Identity Graph Access
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Assign Graph application permissions to managed identity (outside of Azure Automation) | |
| $spID = "c3bfc803-bc8a-47af-a8a4-eed98dce8bca" #Managed Identity SP | |
| $PermissionName = "User.Read.All" | |
| $GraphServicePrincipal = Get-MgServicePrincipal -Filter "startswith(DisplayName,'Microsoft Graph')" | Select-Object -first 1 #Graph App ID: 00000003-0000-0000-c000-000000000000 | |
| $AppRole = $GraphServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application"} | |
| New-MgServicePrincipalAppRoleAssignment -AppRoleId $AppRole.Id -ServicePrincipalId $spID -ResourceId $GraphServicePrincipal.Id -PrincipalId $spID | |
| $AppRoleAssignments = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $spID | |
| # Please note you can also give an managed identity permissions via: | |
| # Role assignments, such as User Administrator scoped to an Administrative Unit |
AlexFilipin
/ Get-AzureADPSPermissionsAF.ps1
Created
March 17, 2020 19:23
Get-AzureADPSPermissionsAF.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Lists delegated permissions (OAuth2PermissionGrants) and application permissions (AppRoleAssignments). | |
| .PARAMETER DelegatedPermissions | |
| If set, will return delegated permissions. If neither this switch nor the ApplicationPermissions switch is set, | |
| both application and delegated permissions will be returned. | |
| .PARAMETER ApplicationPermissions | |
| If set, will return application permissions. If neither this switch nor the DelegatedPermissions switch is set, |
AlexFilipin
/ Cleanup-Workflows.ps1
Created
April 8, 2019 12:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #region functions | |
| function Write-Log | |
| { | |
| [CmdletBinding()] | |
| Param | |
| ( | |
| [Parameter(Mandatory=$true, | |
| ValueFromPipelineByPropertyName=$true)] | |
| [ValidateNotNullOrEmpty()] | |
| [Alias("LogContent")] |
AlexFilipin
/ Cleanup-Sets.ps1
Created
April 8, 2019 12:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #region functions | |
| function Write-Log | |
| { | |
| [CmdletBinding()] | |
| Param | |
| ( | |
| [Parameter(Mandatory=$true, | |
| ValueFromPipelineByPropertyName=$true)] | |
| [ValidateNotNullOrEmpty()] | |
| [Alias("LogContent")] |
AlexFilipin
/ Get-MVAttributeUsage.ps1
Created
April 8, 2019 12:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Schema = Get-MVSchema | |
| $Attribute = "DisplayName" | |
| if($Schema.Attributes.Keys -contains $Attribute){ | |
| Write-Host "Attribute in MV schema" | |
| foreach($Key in $Schema.ObjectClasses.Keys){ | |
| $Attributes = $Schema.ObjectClasses.$Key.Attributes.Keys | |
| if($Attributes -contains $Attribute){ | |
| Write-Host "Binding on: " $Key |
AlexFilipin
/ Set-PrivPendingExports.ps1
Last active
March 29, 2019 16:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [string]$Path | |
| ) | |
| $Data = Import-Csv $Path -Delimiter ";" | |
| foreach($Item in $Data){ | |
| if($Item.Operation -eq "Replace"){ | |
| if($Item.Values -eq "True"){$Item.Values = $true} |
AlexFilipin
/ Get-PrivPendingExports.ps1
Created
March 27, 2019 22:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [string]$Path | |
| ) | |
| #Search PrivilegedAccount | |
| $Accounts = Get-MVObject -ObjectType Person -Attribute PrivilegedAccount -Value true | |
| #Get CS Object | |
| $Data = foreach($Account in $Accounts){ | |
| $ADMA_CSVMVLink = $Account.CSMVLinks | Where-Object -FilterScript {$PSItem.ManagementAgentName -eq "ADMA"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" ?> | |
| <Package> | |
| <!-- ==================================================================================== --> | |
| <!-- Definition --> | |
| <!-- ==================================================================================== --> | |
| <!-- * Installs Microsoft Identity Manager 2016 SP1 (4.4.1302.0) Synchronization Service --> | |
| <!-- |- * Deletes an existing EncryptionKey.bin file in ~\Logs\ --> | |
| <!-- |- * Exports the appropriate EncryptionKey.bin file to ~\Logs\EncryptionKey.bin --> |
We can make this file beautiful and searchable if this error is corrected: It looks like row 10 should actually have 6 columns, instead of 1. in line 9.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Authentication Method,Vulnerable to breach replay or password spray attacks?,Vulnerable to phishing?,Vulnerable to physical theft?,All secrets sent over the network?,Terminology suggestion | |
| Password alone,Yes,Yes,N/A,Yes,TBD | |
| Password + OTP via email,No,Yes,"Yes, if device offers unsecured access to email",Yes,TBD | |
| Password + OTP via SMS,No,Yes,"Yes, if device offers unsecured access to SMS",Yes,TBD | |
| Password + OTP via soft stoken,No,Yes,"Yes, if device offers unsecured access to soft token",Yes,TBD | |
| Password + OTP via hard token,No,Yes,Yes,Yes,TBD | |
| Password + Approval of push notification,No,Yes,"Yes, if device offers unsecured access to approve","No, it uses public-key cryptography",TBD | |
| Password + Smartcard,No,?,?,?,TBD | |
| "Password + FIDO CTAP authenticator [U2F or FIDO2] (Remoable e.g. security key or built-in e.g. Windows Hello)",No,"No, challenging origin is checked","No, unlocking the authenticator requires PIN or biometrics by standard","No, it uses public-key cryptography",TBD | |
| Passwordless public-key cryptogr |