# AzureAD PowerShell CmdLets to Manage Azure AD App Proxy Applications
# Note: the AzureAD module has since been deprecated in favour of the Microsoft Graph PowerShell SDK; the cmdlets below still run where the module is installed
# Connect to Azure AD
Connect-AzureAD
# Create a new Application Proxy Application with required values
# (-ExternalAuthenticationType is not set here, so it takes the default AadPreAuthentication; only use Passthru when the backend enforces its own logon)
New-AzureADApplicationProxyApplication -DisplayName "Project Honolulu NUC" `
    -ExternalUrl "https://projecthonolulunuc-elven.msappproxy.net/" `
    -InternalUrl "https://ELVEN-NUC-HV1.nuc.group"
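The pre-authentication mode is the security-relevant setting of a published App Proxy application: anything published with Passthru is reachable from the internet with only the backend's own logon in front of it. The following is an added example, not part of the original gist, that walks every application registration in the tenant and reports the published ones together with their pre-authentication type. It assumes an existing Connect-AzureAD session; the function name Get-AppProxyPreAuthReport is my own.

```powershell
# Added example: audit App Proxy applications for Passthru pre-authentication.
# Assumes Connect-AzureAD has already been run with a reader of application objects.
function Get-AppProxyPreAuthReport {
    # Only some registrations are App Proxy apps. The proxy cmdlet throws for the rest,
    # so probe each registration and keep the ones that return a proxy configuration.
    $report = foreach ($app in Get-AzureADApplication -All $true) {
        try {
            $proxy = Get-AzureADApplicationProxyApplication -ObjectId $app.ObjectId -ErrorAction Stop
        } catch {
            continue   # not an App Proxy application
        }
        [pscustomobject]@{
            DisplayName       = $app.DisplayName
            ExternalUrl       = $proxy.ExternalUrl
            InternalUrl       = $proxy.InternalUrl
            PreAuthentication = $proxy.ExternalAuthenticationType
            # Anything other than Azure AD pre-auth bypasses Conditional Access and MFA at the edge
            NeedsReview       = ($proxy.ExternalAuthenticationType -ne 'AadPreAuthentication')
        }
    }
    return $report
}

$report = Get-AppProxyPreAuthReport
$report | Format-Table -AutoSize
# Apps published without Azure AD pre-authentication
$report | Where-Object { $_.NeedsReview }
```

Run this after every publishing change; a Passthru entry is acceptable only when the internal URL already terminates its own strong authentication.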
# Register Azure AD App Proxy Connector
# NB: a credential object cannot be used for an MFA-enabled administrator account; use the offline token instead
# A plaintext password in a script ends up in source control, backups and PowerShell transcripts;
# prefer Get-Credential (or a DPAPI-protected credential file) whenever the registration can be run interactively
$User = "<username of global administrator>"
$PlainPassword = '<password>'
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $SecurePassword
Set-Location "C:\Program Files\Microsoft AAD App Proxy Connector"
.\RegisterConnector.ps1 -modulePath "C:\Program Files\Microsoft AAD App Proxy Connector\Modules\" `
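The gist builds the PSCredential from a password literal. As an added example (my code, not from the gist), the same object can be captured once and stored with Export-Clixml, which protects the SecureString with DPAPI so the file is only readable by the same Windows account on the same machine. The file path and the function names are assumptions for illustration.

```powershell
# Added example: keep the registration credential out of the script body.
# Export-Clixml protects the SecureString with DPAPI (current user + this machine);
# copying the file to another host or account yields an unusable blob.
function Save-RegistrationCredential {
    param([Parameter(Mandatory)][string] $Path)
    Get-Credential -Message 'Global administrator used for connector registration' |
        Export-Clixml -Path $Path
    # Belt and braces: restrict the file ACL to the current user as well
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)          # drop inherited ACEs
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')))
    Set-Acl -Path $Path -AclObject $acl
}

function Get-RegistrationCredential {
    param([Parameter(Mandatory)][string] $Path)
    # Import-Clixml rebuilds the PSCredential; the password only exists decrypted in this process
    return Import-Clixml -Path $Path
}

# Usage (interactive once, then unattended under the same account on this host):
# Save-RegistrationCredential -Path "$env:ProgramData\ConnectorReg\cred.xml"
# $cred = Get-RegistrationCredential -Path "$env:ProgramData\ConnectorReg\cred.xml"
```

The stored credential is still a Global Administrator password on disk; delete the file as soon as the connector is registered, and prefer the offline token route for MFA-enabled accounts as the gist notes.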
# This script will shut down the Azure VM it's running on
# Requirements: Azure Managed Service Identity (MSI) configured on the VMs in question.
# Permissions: the MSI service principal for the VM needs to be added as Virtual Machine Contributor for its own VM
# (that role is much broader than a self-shutdown needs; a custom role holding only
# Microsoft.Compute/virtualMachines/deallocate/action, scoped to this VM, is sufficient)
# Kudos: This script is inspired by Marcel Meurer's script for shutting down a VM from itself: https://www.sepago.de/blog/2018/01/16/deallocate-an-azure-vm-from-itself
# Read VM details from the Azure Instance Metadata Service
# (link-local address, only reachable from inside the VM; if the VM uses a proxy, exclude 169.254.169.254 from it)
$md = Invoke-RestMethod -Headers @{"Metadata"="true"} -Uri "http://169.254.169.254/metadata/instance?api-version=2017-08-01"
# Save variables from metadata
$subscriptionId = $md.compute.subscriptionId
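The comments above describe the whole flow (identity from instance metadata, a token from the VM's managed identity, a deallocate call against ARM) but the listing stops after the first metadata field. The following is an added example written for this page, not the gist's own code, that carries the flow through. It assumes the IMDS identity endpoint (api-version 2018-02-01) and a Microsoft.Compute API version that exposes /deallocate; the function name Stop-SelfVm and the -WhatIf dry run are my additions.

```powershell
# Added example: deallocate the VM this code runs on, using only the instance metadata service.
# No secret is stored anywhere: the token endpoint is link-local and only code on this VM can reach it.
function Stop-SelfVm {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string] $ArmApiVersion = '2018-06-01'   # assumed: any Microsoft.Compute version with /deallocate works
    )
    $imds = 'http://169.254.169.254'
    $hdr  = @{ Metadata = 'true' }

    # 1. Identify ourselves from metadata rather than from configuration files that could be copied elsewhere
    $md  = Invoke-RestMethod -Headers $hdr -Uri "$imds/metadata/instance?api-version=2017-08-01"
    $sub = $md.compute.subscriptionId
    $rg  = $md.compute.resourceGroupName
    $vm  = $md.compute.name

    # 2. Get an ARM token for the VM's managed identity. Never write $token.access_token to a log.
    $token = Invoke-RestMethod -Headers $hdr -Uri "$imds/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"

    # 3. Deallocate. This is the only ARM action the identity needs, so grant a custom role with
    #    Microsoft.Compute/virtualMachines/deallocate/action scoped to this VM instead of Virtual Machine Contributor.
    $uri = "https://management.azure.com/subscriptions/$sub/resourceGroups/$rg/providers/Microsoft.Compute/virtualMachines/$vm/deallocate?api-version=$ArmApiVersion"
    if ($PSCmdlet.ShouldProcess("$rg/$vm", 'Deallocate')) {
        # ARM answers 202 Accepted with an empty body; the VM stops shortly after
        Invoke-RestMethod -Method Post -Uri $uri -Headers @{ Authorization = "Bearer $($token.access_token)" }
    }
    return "$sub/$rg/$vm"
}

# Dry run first: resolves the identity and fetches a token, but prints the call instead of sending it
Stop-SelfVm -WhatIf
# Stop-SelfVm
```

If the VM sits behind an explicit proxy, both requests must bypass it (on PowerShell 6+ add -NoProxy), otherwise the metadata calls time out or, worse, the token request is routed through the proxy.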
# Get Managed Service Identity info from Azure Functions Application Settings
$msiEndpoint = $env:MSI_ENDPOINT
$msiSecret = $env:MSI_SECRET
Write-Output $msiEndpoint
# MSI_SECRET authenticates calls to the local token endpoint; echoing it writes it into the Functions log stream,
# so keep the next line commented out in anything that is deployed
# Write-Output $msiSecret
# Specify URI and Token AuthN Request Parameters
$apiVersion = "2017-09-01"
$resourceURI = "https://graph.microsoft.com"
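With the endpoint, secret, API version and resource in hand, the next step is the token request, and the useful check afterwards is to look at which application roles the returned token actually carries. The following is an added example, my code rather than the gist's, that requests the token from the Functions MSI endpoint and decodes the JWT payload offline to list its roles claim. The constructed sample token at the end is unsigned and uses made-up identifiers so the decoder can be exercised outside a Function app; the function names are my own.

```powershell
# Added example: request a token from the App Service/Functions MSI endpoint and inspect its claims locally.
function Get-MsiToken {
    param(
        [string] $Resource   = 'https://graph.microsoft.com',
        [string] $ApiVersion = '2017-09-01'
    )
    $uri = "$($env:MSI_ENDPOINT)?resource=$([uri]::EscapeDataString($Resource))&api-version=$ApiVersion"
    # The Secret header ties the request to this Function app; MSI_SECRET is a password, handle it as one
    return Invoke-RestMethod -Uri $uri -Headers @{ Secret = $env:MSI_SECRET }
}

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string] $Jwt)
    $payload = ($Jwt -split '\.')[1]
    # base64url -> base64: restore the standard alphabet and the padding that JWTs strip
    $b64 = $payload.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    return [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

# Constructed sample (fake app id, no signature) so the decoder runs outside a Function app
$samplePayload = '{"aud":"https://graph.microsoft.com","appid":"11111111-2222-3333-4444-555555555555","roles":["User.Read.All","Directory.Read.All"]}'
$sampleJwt = 'eyJhbGciOiJub25lIn0.' +
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($samplePayload)).TrimEnd('=').Replace('+', '-').Replace('/', '_') +
    '.'

$claims = ConvertFrom-JwtPayload -Jwt $sampleJwt
# roles = application permissions granted to the identity; anything unexpected here is over-permission
$claims.roles

# Inside the Function app the same check runs against the live token (the token itself is never printed):
# $claims = ConvertFrom-JwtPayload -Jwt (Get-MsiToken).access_token
```

Decoding only reads the payload; it does not validate the signature, which is fine here because the token came straight from the platform endpoint and is being inspected, not trusted as input.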
# Log in to Azure AD with Global Admin
Connect-AzureAD
# Get the Service Principal for the Function App
# (-SearchString can match more than one principal; confirm a single object comes back before using it)
$faSpn = Get-AzureADServicePrincipal -SearchString "faElvenGraph"
# Get some properties for the Service Principal
$faSpn | Select-Object ObjectId, ObjectType, AlternativeNames,
    AppId, DisplayName, ServicePrincipalType
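Finding the Function app's service principal is the first half of the job; the reason for looking it up is to grant it Microsoft Graph application permissions, and those grants deserve a read-back so extra roles stand out. The following is an added example, not from the gist, that assigns one Graph app role to the managed identity and then lists every role it holds on Graph. It assumes a Connect-AzureAD session with rights to create app role assignments; the function name and the role value passed at the end are placeholders to adjust.

```powershell
# Added example: grant a Graph application permission to a managed identity's service principal
# and report the full set of Graph roles it ends up with.
function Grant-GraphAppRole {
    param(
        [Parameter(Mandatory)][string] $PrincipalDisplayName,
        [Parameter(Mandatory)][string] $RoleValue          # e.g. 'User.Read.All'; choose the narrowest role that works
    )
    $principal = @(Get-AzureADServicePrincipal -SearchString $PrincipalDisplayName)
    if ($principal.Count -ne 1) {
        throw "Expected one service principal for '$PrincipalDisplayName', found $($principal.Count)"
    }
    $principalId = $principal[0].ObjectId

    # Microsoft Graph's service principal has this well-known app id in every tenant
    $graph = Get-AzureADServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
    $role  = $graph.AppRoles | Where-Object { $_.Value -eq $RoleValue -and $_.AllowedMemberTypes -contains 'Application' }
    if (-not $role) { throw "Microsoft Graph has no application role named '$RoleValue'" }

    # Assignments are listed from the resource side (Graph); filter to our principal
    $existing = Get-AzureADServiceAppRoleAssignment -ObjectId $graph.ObjectId -All $true |
        Where-Object { $_.PrincipalId -eq $principalId -and $_.Id -eq $role.Id }
    if (-not $existing) {
        New-AzureADServiceAppRoleAssignment -ObjectId $principalId -PrincipalId $principalId `
            -ResourceId $graph.ObjectId -Id $role.Id | Out-Null
    }

    # Everything this identity can do against Graph, by role name; review anything beyond $RoleValue
    $held = Get-AzureADServiceAppRoleAssignment -ObjectId $graph.ObjectId -All $true |
        Where-Object { $_.PrincipalId -eq $principalId } |
        ForEach-Object { $id = $_.Id; ($graph.AppRoles | Where-Object { $_.Id -eq $id }).Value }
    return $held
}

Grant-GraphAppRole -PrincipalDisplayName 'faElvenGraph' -RoleValue 'User.Read.All'
```

Application permissions granted to a managed identity have no interactive consent screen, so this read-back is the only place the full grant is visible outside the portal; keep the returned list to the roles the Function actually calls.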
# Azure AD v2 PowerShell Token Lifetime Policy
# Connect with Modern Authentication
Connect-AzureAD
# See if there are any existing Azure AD Policies defined
Get-AzureADPolicy
# Defaults for NEW tenants at the time of writing (the refresh and session token settings have since been
# made non-configurable; only AccessTokenLifetime can still be set through this policy type):
# Refresh Token Inactivity: 90 Days
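Listing the existing policies is the read side; the write side is a TokenLifetimePolicy object whose Definition is a JSON string. The following is an added example, not the gist's code, that creates or updates the organisation-default policy with an access token lifetime. It assumes a Connect-AzureAD session with rights to manage policies; the function and policy display names are my own.

```powershell
# Added example: set (or update) the org-default access token lifetime.
# Refresh-token settings (MaxInactiveTime, MaxAgeMultiFactor, ...) in this policy format were retired in
# favour of Conditional Access sign-in frequency, so only AccessTokenLifetime is written here.
function Set-OrgAccessTokenLifetime {
    param([Parameter(Mandatory)][string] $Lifetime)   # "hh:mm:ss" or "d.hh:mm:ss", e.g. "01:00:00"
    $definition = @{ TokenLifetimePolicy = @{ Version = 1; AccessTokenLifetime = $Lifetime } } | ConvertTo-Json -Compress

    # Only one organisation-default policy per type is allowed; update it in place if present
    $current = Get-AzureADPolicy | Where-Object { $_.Type -eq 'TokenLifetimePolicy' -and $_.IsOrganizationDefault }
    if ($current) {
        Set-AzureADPolicy -Id $current.Id -Definition @($definition)
        return $current.Id
    }
    $new = New-AzureADPolicy -Definition @($definition) -DisplayName 'OrgDefaultAccessTokenLifetime' `
        -IsOrganizationDefault $true -Type 'TokenLifetimePolicy'
    return $new.Id
}

$policyId = Set-OrgAccessTokenLifetime -Lifetime '01:00:00'
# Read back: Definition is returned as the JSON string that was stored
Get-AzureADPolicy -Id $policyId | Select-Object DisplayName, Type, IsOrganizationDefault, Definition
```

Shorter access tokens bound the window in which a stolen token is useful but raise the number of refresh round trips; one hour is the documented default and a reasonable floor for most tenants.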
# Connect to Azure AD
Connect-AzureAD
# Get All Azure AD Devices
$aadDevices = Get-AzureADDevice -All $true
# Explore Device Object
$aadDevices | Get-Member
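Once the device objects are in a variable, the hygiene task they are usually pulled for is finding stale registrations, since a forgotten device record that still satisfies a device-based Conditional Access rule is an unnecessary foothold. The following is an added example (my code, not from the gist) that selects enabled devices with no sign-in for a configurable number of days, reports devices that have never reported a sign-in separately, and disables rather than deletes so the change can be reverted. It assumes a Connect-AzureAD session; the function names are my own.

```powershell
# Added example: stale device report and reversible clean-up.
function Get-StaleAadDevice {
    param([int] $Days = 90)
    $cutoff  = (Get-Date).AddDays(-$Days)
    $devices = Get-AzureADDevice -All $true | Where-Object { $_.AccountEnabled }

    # Devices that have never reported a logon have a null timestamp; list them, but do not
    # silently lump them in with "stale", they may be freshly registered
    $neverSeen = $devices | Where-Object { -not $_.ApproximateLastLogonTimeStamp }
    $stale     = $devices | Where-Object { $_.ApproximateLastLogonTimeStamp -and $_.ApproximateLastLogonTimeStamp -lt $cutoff }

    return [pscustomobject]@{
        Cutoff    = $cutoff
        Stale     = @($stale | Select-Object DisplayName, DeviceId, ObjectId, DeviceTrustType, IsCompliant, IsManaged, ApproximateLastLogonTimeStamp)
        NeverSeen = @($neverSeen | Select-Object DisplayName, DeviceId, ObjectId, DeviceTrustType)
    }
}

function Disable-StaleAadDevice {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([int] $Days = 90)
    $report = Get-StaleAadDevice -Days $Days
    foreach ($d in $report.Stale) {
        if ($PSCmdlet.ShouldProcess("$($d.DisplayName) ($($d.DeviceId))", 'Disable device')) {
            # Disabling keeps the object for rollback; delete only after a grace period
            Set-AzureADDevice -ObjectId $d.ObjectId -AccountEnabled $false
        }
    }
    return $report.Stale.Count
}

# Review first, then run with -WhatIf, then for real
$r = Get-StaleAadDevice -Days 90
$r.Stale     | Format-Table -AutoSize
$r.NeverSeen | Format-Table -AutoSize
Disable-StaleAadDevice -Days 90 -WhatIf
```

Hybrid-joined and Intune-managed devices are cleaned up through their own lifecycle (on-premises AD and Intune respectively); run this against Azure AD registered and joined devices only, or exclude them with DeviceTrustType.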
# Azure AD v2 PowerShell Module CmdLets for working with Extension Attribute Properties
# Connect to Azure AD with Global Administrator
Connect-AzureAD
# Get a User and Read Extension Properties
$aadUser = Get-AzureADUser -ObjectId "<youruser>"
$aadUser | Select-Object -ExpandProperty ExtensionProperty
# Serialize User Object to JSON
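Reading ExtensionProperty shows the existing keys; writing one requires a directory extension registered on an application, after which the attribute appears on users under the name extension_{appId without dashes}_{name}. The following is an added example, not the gist's code, that registers the extension if missing, writes a value on a user and reads it back. It assumes a Connect-AzureAD session with rights on the application and user; the function name and the sample identifiers are placeholders.

```powershell
# Added example: register a directory extension, write it on a user, read it back.
function Set-UserExtensionValue {
    param(
        [Parameter(Mandatory)][string] $AppObjectId,   # ObjectId of the app registration that owns the extension
        [Parameter(Mandatory)][string] $UserId,        # ObjectId or UPN
        [Parameter(Mandatory)][string] $Name,          # short name, e.g. 'costCenter'
        [Parameter(Mandatory)][string] $Value
    )
    $app = Get-AzureADApplication -ObjectId $AppObjectId
    # Azure AD derives the attribute name from the owning app's AppId (client id), dashes removed
    $extName = "extension_$($app.AppId -replace '-', '')_$Name"

    $existing = Get-AzureADApplicationExtensionProperty -ObjectId $AppObjectId | Where-Object { $_.Name -eq $extName }
    if (-not $existing) {
        New-AzureADApplicationExtensionProperty -ObjectId $AppObjectId -Name $Name -DataType 'String' -TargetObjects 'User' | Out-Null
    }

    Set-AzureADUserExtension -ObjectId $UserId -ExtensionName $extName -ExtensionValue $Value
    # Read back from the user object, the same dictionary the gist expands above
    return (Get-AzureADUser -ObjectId $UserId).ExtensionProperty[$extName]
}

# Placeholder ids; replace with your own
Set-UserExtensionValue -AppObjectId '<app objectId>' -UserId '<youruser>' -Name 'costCenter' -Value '4711'
```

Directory extension values are returned with the user object to any caller allowed to read users, so never store secrets or data more sensitive than the rest of the user record in them.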
# PowerShell CmdLets for Assigning EMS Licenses with Azure AD v2 PowerShell Module
# Read blog post for details: https://gotoguy.blog/2017/02/17/assign-ems-license-with-azure-ad-v2-powershell-and-dynamic-groups/
# Connect to Azure AD with Global Administrator
Connect-AzureAD
# List Subscriptions
Get-AzureADSubscribedSku | Select-Object SkuId, SkuPartNumber
# EMS E3 license Service Plans
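The SKU and its service plans are what a per-user assignment is built from: an AssignedLicense with the SkuId and the plans to leave off, wrapped in an AssignedLicenses object. The following is an added example, my code rather than the gist's, that assigns a SKU to a user with selected service plans disabled, sets the UsageLocation that licensing requires, and reads the assignment back. The SKU part number, plan names and usage location are placeholders to replace with values from Get-AzureADSubscribedSku.

```powershell
# Added example: per-user license assignment with disabled service plans.
function Set-UserSkuLicense {
    param(
        [Parameter(Mandatory)][string]   $UserId,
        [Parameter(Mandatory)][string]   $SkuPartNumber,           # from Get-AzureADSubscribedSku
        [string[]] $DisabledPlanNames = @(),                       # ServicePlanName values to leave off
        [string]   $UsageLocation     = 'NO'                       # placeholder; required before any license can be assigned
    )
    $sku = Get-AzureADSubscribedSku | Where-Object { $_.SkuPartNumber -eq $SkuPartNumber }
    if (-not $sku) { throw "No subscribed SKU '$SkuPartNumber' in this tenant" }

    $user = Get-AzureADUser -ObjectId $UserId
    if (-not $user.UsageLocation) {
        Set-AzureADUser -ObjectId $UserId -UsageLocation $UsageLocation
    }

    # Resolve plan names to the ids the API wants; fail loudly on a typo instead of silently enabling the plan
    $disabledIds = foreach ($name in $DisabledPlanNames) {
        $plan = $sku.ServicePlans | Where-Object { $_.ServicePlanName -eq $name }
        if (-not $plan) { throw "SKU '$SkuPartNumber' has no service plan '$name'" }
        [string] $plan.ServicePlanId
    }

    $license = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
    $license.SkuId = $sku.SkuId
    $license.DisabledPlans = @($disabledIds)

    $licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
    $licenses.AddLicenses    = $license
    $licenses.RemoveLicenses = @()
    Set-AzureADUserLicense -ObjectId $UserId -AssignedLicenses $licenses

    # Read back the assignment for this SKU, including which plans ended up disabled
    return (Get-AzureADUser -ObjectId $UserId).AssignedLicenses | Where-Object { $_.SkuId -eq $sku.SkuId }
}

# Placeholders; pick the SKU part number and plan names from your own tenant's output above
Set-UserSkuLicense -UserId '<youruser>' -SkuPartNumber '<EMS SKU part number>' -DisabledPlanNames @('<service plan name>')
```

Per-user assignment is fine for a handful of accounts; the blog post linked above uses dynamic groups and group-based licensing for the same outcome at scale, which also avoids drift between what the script set and what a later administrator changed in the portal.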
# PowerShell for calling the Azure AD Graph Reporting REST API, https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-reports-and-events-preview
# Getting Self Service Password Reset Registrations
# Note: Azure AD Graph (graph.windows.net) and its reporting endpoints have since been retired; the equivalent data is served by Microsoft Graph under /auditLogs and /reports
# This script will require registration of a Web Application in Azure Active Directory
# Method 1: Use steps here for manually creating required Web App: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-api-prerequisites
# Method 2: Use Azure AD PowerShell as documented here: https://gist.github.com/skillriver/b46c51e2902a331a91221c6828bd320c#file-azureadapiapplication-ps1
$loginURL = "https://login.microsoftonline.com"
$tenantdomain = "<yourtenant>.onmicrosoft.com"
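The listing sets up the login URL and tenant for a client-credentials token request; what follows in practice is the token call, a paged GET against the reporting endpoint, and handling of @odata.nextLink. Because the Azure AD Graph endpoint the gist targets has been retired, the following added example (my code, not the gist's) does the same against Microsoft Graph: a v2.0 client-credentials token scoped to Graph, a generic paging helper, and a directoryAudits query restricted to the self-service password reset service. The client id is a placeholder, the secret is read interactively rather than stored, and the loggedByService filter value is an assumption to confirm against your tenant's audit data.

```powershell
# Added example: app-only token plus paged reporting query against Microsoft Graph.
function Get-GraphAppToken {
    param(
        [Parameter(Mandatory)][string]       $TenantDomain,
        [Parameter(Mandatory)][string]       $ClientId,
        [Parameter(Mandatory)][securestring] $ClientSecret,
        [string] $LoginUrl = 'https://login.microsoftonline.com'
    )
    # Decrypt only for the duration of the request; the SecureString stays the stored form
    $plain = [System.Net.NetworkCredential]::new('', $ClientSecret).Password
    $body  = @{
        client_id     = $ClientId
        client_secret = $plain
        scope         = 'https://graph.microsoft.com/.default'   # uses the app's granted application permissions
        grant_type    = 'client_credentials'
    }
    return (Invoke-RestMethod -Method Post -Uri "$LoginUrl/$TenantDomain/oauth2/v2.0/token" -Body $body).access_token
}

function Get-GraphPages {
    param(
        [Parameter(Mandatory)][string] $Uri,
        [Parameter(Mandatory)][string] $Token
    )
    $headers = @{ Authorization = "Bearer $Token" }
    # Follow @odata.nextLink until the server stops returning one; emit each page's items as they arrive
    while ($Uri) {
        $page = Invoke-RestMethod -Uri $Uri -Headers $headers
        $page.value
        $Uri = $page.'@odata.nextLink'
    }
}

$loginURL     = 'https://login.microsoftonline.com'
$tenantdomain = '<yourtenant>.onmicrosoft.com'
$clientId     = '<application (client) id>'                       # placeholder
$secret       = Read-Host -AsSecureString -Prompt 'Client secret'  # or fetch from Key Vault; never in the script

$token = Get-GraphAppToken -TenantDomain $tenantdomain -ClientId $clientId -ClientSecret $secret -LoginUrl $loginURL

# Assumed filter value for SSPR events; requires the AuditLog.Read.All application permission on the app
$filter = [uri]::EscapeDataString("loggedByService eq 'Self-service Password Management'")
Get-GraphPages -Uri "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?`$filter=$filter" -Token $token |
    Select-Object activityDateTime, activityDisplayName, result,
        @{ n = 'User'; e = { $_.initiatedBy.user.userPrincipalName } }
```

The paging helper is deliberately generic: any Graph collection (signIns, users, devices) can be pulled the same way, and a report that stops at the first page is the most common reason an audit script undercounts.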