Jan Vidar Elven JanVidarElven
JanVidarElven
/ CreateAzureADAppProxyApplication.ps1
Last active
April 27, 2018 11:01
AzureADAppProxyApplication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # AzureAD PowerShell CmdLets to Manage Azure AD App Proxy Applications | |
| # Connect to Azure AD | |
| Connect-AzureAD | |
| # Create a new Application Proxy Application with required values | |
| New-AzureADApplicationProxyApplication -DisplayName "Project Honolulu NUC" ` | |
| -ExternalUrl "https://projecthonolulunuc-elven.msappproxy.net/" ` | |
| -InternalUrl "https://ELVEN-NUC-HV1.nuc.group" |
JanVidarElven
/ RegisterAppProxyConnectorCredential.ps1
Last active
March 13, 2023 00:16
AzureADAppProxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Register Azure AD App Proxy Connector | |
| # PS! Using Credential Object cannot be used with MFA enabled administrator accounts, use offline token | |
| $User = "<username of global administrator>" | |
| $PlainPassword = '<password>' | |
| $SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force | |
| $cred = New-Object –TypeName System.Management.Automation.PSCredential –ArgumentList $User, $SecurePassword | |
| Set-Location "C:\Program Files\Microsoft AAD App Proxy Connector" | |
| .\RegisterConnector.ps1 -modulePath "C:\Program Files\Microsoft AAD App Proxy Connector\Modules\" ` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This script will shutdown the Azure VM it's running on | |
| # Requirements: Azure Managed Service Identity (MSI) configured on the VMs in question. | |
| # Permissions: The MSI service principal for the VM needs to be added as Virtual Machine Contributor for it's own VM | |
| # Kudos: This script is inspired from Marcel Meurer's script for shutting down VM from itself: https://www.sepago.de/blog/2018/01/16/deallocate-an-azure-vm-from-itself | |
| # Read VM details from Azure VM Instance Metadata | |
| $md = Invoke-RestMethod -Headers @{"Metadata"="true"} -URI http://169.254.169.254/metadata/instance?api-version=2017-08-01 | |
| # Save variables from metadata | |
| $subscriptionId = $md.compute.subscriptionId |
JanVidarElven
/ AzureFunctionMSGraphMSI.ps1
Created
September 21, 2017 12:52
AzureFunctionMSGraphMSI.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get Managed Service Identity info from Azure Functions Application Settings | |
| $msiEndpoint = $env:MSI_ENDPOINT | |
| $msiSecret = $env:MSI_SECRET | |
| Write-Output $msiEndpoint | |
| Write-Output $msiSecret | |
| # Specify URI and Token AuthN Request Parameters | |
| $apiVersion = "2017-09-01" | |
| $resourceURI = "https://graph.microsoft.com" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Log in to Azure AD with Global Admin | |
| Connect-AzureAD | |
| # Get the Service Principal for the Function App | |
| $faSpn = Get-AzureADServicePrincipal -SearchString "faElvenGraph" | |
| # Get some properties for the Service Principal | |
| $faSpn | Select-Object ObjectId, ObjectType, AlternativeNames, | |
| AppId, DisplayName, ServicePrincipalType |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Azure AD v2 PowerShell Token Lifetime Policy | |
| # Connect with Modern Authentication | |
| Connect-AzureAD | |
| # See if there are any existing Azure AD Policies defined | |
| Get-AzureADPolicy | |
| # Defaults for NEW tenants: | |
| # Refresh Token Inactivity: 90 Days |
JanVidarElven
/ AzureADDevices.ps1
Created
March 27, 2017 13:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Connect to Azure AD | |
| Connect-AzureAD | |
| # Get All Azure AD Devices | |
| $aadDevices = Get-AzureADDevice -All $true | |
| # Explore Device Object | |
| $aadDevices | Get-Member |
JanVidarElven
/ AzureADExtensionProperty.ps1
Last active
July 18, 2019 07:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Azure AD v2 PowerShell Module CmdLets for working with Extension Attribute Properties | |
| # Connect to Azure AD with Global Administrator | |
| Connect-AzureAD | |
| # Get a User and Read Extension Properties | |
| $aadUser = Get-AzureADUser -ObjectId <youruser> | |
| $aadUser | Select -ExpandProperty ExtensionProperty | |
| # Serialize User Object to JSON |
JanVidarElven
/ EMSAssignLicense.ps1
Last active
February 17, 2017 09:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerShell CmdLets for Assigning EMS Licenses with Azure AD v2 PowerShell Module | |
| # Read blog post for details: https://gotoguy.blog/2017/02/17/assign-ems-license-with-azure-ad-v2-powershell-and-dynamic-groups/ | |
| # Connect to Azure AD with Global Administrator | |
| Connect-AzureAD | |
| # List Subscriptions | |
| Get-AzureADSubscribedSku | Select SkuId, SkuPartNumber | |
| # EMS E3 license Service Plans |
JanVidarElven
/ AzureADReportingAPI_SSPR.ps1
Created
February 12, 2017 00:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerShell for calling the Azure AD Graph Reporting REST API, https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-reports-and-events-preview | |
| # Getting Self Service Password Reset Registrations | |
| # This script will require registration of a Web Application in Azure Active Directory | |
| # Method 1: Use steps here for manually creating required Web App: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-api-prerequisites | |
| # Method 2: Use Azure AD PowerShell as documented here: https://gist.github.com/skillriver/b46c51e2902a331a91221c6828bd320c#file-azureadapiapplication-ps1 | |
| $loginURL = "https://login.microsoftonline.com" | |
| $tenantdomain = "<yourtenant>.onmicrosoft.com" |