Jan Vidar Elven JanVidarElven

@JanVidarElven
JanVidarElven / AddManagedIdentityMSGraphAppRoles.md
Last active Mar 15, 2022
ManagedIdentityAddMSGraphAppRoles
View AddManagedIdentityMSGraphAppRoles.md

Add Microsoft Graph Applications Permissions (Roles Claim) to MSI

The following commands must be run in Windows PowerShell and with the AzureAD Module. Remember to Connect-AzureAD with Global Administrator Privileges first.

Part 1 - Get Managed Identity Service Principal

Display Name of Managed Identity

# Get SPN based on MSI Display Name
View GetTeamsAdminCenterToken.ps1
# Connect to Azure AD Organization as Admin
Connect-AzureAD
#region Part 1 - Azure AD App
# Create a new App Registration for Teams Admin Center
$azureAdApp = New-AzureADApplication -DisplayName "Teams Admin Center API" -ReplyUrls "https://localhost", "urn:ietf:wg:oauth:2.0:oob"
$keyStartDate = "{0:s}" -f (get-date).AddHours(-1) + "Z"
$keyEndDate = "{0:s}" -f (get-date).AddYears(1) + "Z"
View GetMyPIMAzureADRoles.ps1
# Requires Windows PowerShell
# Requires AzureADPreview PowerShell Module
# Connect to Azure AD
Connect-AzureAD
# Get Tenant Detail
$tenant = Get-AzureADTenantDetail
# Get User
View GitHubAPIPowerPlatformCustomConnector.yml
swagger: '2.0'
info: {title: JanVidarElven Github Connector, description: GitHub API Connector for JanVidarElven, version: '1.0'}
host: api.github.com
basePath: /
schemes: [https]
consumes: []
produces: []
paths:
  /repos/{owner}/{repo}/contents/{path}:
View AzureADPrivilegedRoles.ps1
# Azure AD PowerShell CmdLets for Managing Privileged Roles
# Connect to Azure AD
Connect-AzureAD
@JanVidarElven
JanVidarElven / AzureAutomationAuthToAzureADwithServicePrincipal.ps1
Created Jul 11, 2018
AzureAutomationAuthToAzureADwithServicePrincipal
View AzureAutomationAuthToAzureADwithServicePrincipal.ps1
<#
.SYNOPSIS
This Azure Automation runbook connects to Azure AD with a Service Principal and Connect-AzureAD.
.DESCRIPTION
This Azure Automation runbook connects to Azure AD with a Service Principal and Connect-AzureAD.
It uses an Azure Run As Account connection that must be created before.
You have to import the AzureAD module from the Automation module gallery, if it's not already there.
AUTHOR: Jan Vidar Elven [MVP]
@JanVidarElven
JanVidarElven / New-AadApp1803.1_OfflineToken.ps1
Created Mar 16, 2018
Offline token version for registering an Azure AD App for Project Honolulu 1803 when on Windows Server 1709 or other Server Core
View New-AadApp1803.1_OfflineToken.ps1
<#########################################################################################################
File: New-AadApp.ps1
Copyright (c) Microsoft Corp 2017.
.SYNOPSIS
Creates a web app in AAD and registers it with the SME gateway.
.DESCRIPTION
View ManageAzureADAppProxyConnector.ps1
# AzureAD PowerShell CmdLets to Manage Azure AD App Proxy Connector
# Connect to Azure AD
Connect-AzureAD
# Retrieve Application Proxy Connectors
Get-AzureADApplicationProxyConnector | Select-Object Id, MachineName, ExternalIp, Status
# Get Application Proxy Connectors by Filter
Get-AzureADApplicationProxyConnector -Filter "startswith(MachineName,'ELVEN')"
View CreateAzureADAppProxyApplication.ps1
# AzureAD PowerShell CmdLets to Manage Azure AD App Proxy Applications
# Connect to Azure AD
Connect-AzureAD
# Create a new Application Proxy Application with required values
New-AzureADApplicationProxyApplication -DisplayName "Project Honolulu NUC" `
-ExternalUrl "https://projecthonolulunuc-elven.msappproxy.net/" `
-InternalUrl "https://ELVEN-NUC-HV1.nuc.group"
View RegisterAppProxyConnectorCredential.ps1
# Register Azure AD App Proxy Connector
# Note: a credential object cannot be used with MFA-enabled administrator accounts; use an offline token instead
$User = "<username of global administrator>"
$PlainPassword = '<password>'
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $SecurePassword
Set-Location "C:\Program Files\Microsoft AAD App Proxy Connector"
.\RegisterConnector.ps1 -modulePath "C:\Program Files\Microsoft AAD App Proxy Connector\Modules\" `