Skip to content

Instantly share code, notes, and snippets.

Jan Vidar Elven skillriver

Block or report user

Report or block skillriver

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View AzureADPrivilegedRoles.ps1
# Azure AD PowerShell CmdLets for Managing Privileged Roles
# Connect to Azure AD
Connect-AzureAD
@skillriver
skillriver / AzureAutomationAuthToAzureADwithServicePrincipal.ps1
Created Jul 11, 2018
AzureAutomationAuthToAzureADwithServicePrincipal
View AzureAutomationAuthToAzureADwithServicePrincipal.ps1
<#
.SYNOPSIS
This Azure Automation runbook connects to Azure AD with a Service Principal and Connect-AzureAD.
.DESCRIPTION
This Azure Automation runbook connects to Azure AD with a Service Principal and Connect-AzureAD.
It uses an Azure Run As Account connection that must be created before.
You have to import the AzureAD module from the Automation module gallery, if it's not already there.
AUTHOR: Jan Vidar Elven [MVP]
@skillriver
skillriver / New-AadApp1803.1_OfflineToken.ps1
Created Mar 16, 2018
Offline token version for register Azure AD App for Project Honolulu 1803 when on Windows Server 1709 or other Server Core
View New-AadApp1803.1_OfflineToken.ps1
<#########################################################################################################
File: New-AadApp.ps1
Copyright (c) Microsoft Corp 2017.
.SYNOPSIS
Creates a web app in AAD and registers it with the SME gateway.
.DESCRIPTION
View ManageAzureADAppProxyConnector.ps1
# AzureAD PowerShell CmdLets to Manage Azure AD App Proxy Connector
# Connect to Azure AD
Connect-AzureAD
# Retrieve Application Proxy Connectors
Get-AzureADApplicationProxyConnector | Select-Object Id, MachineName, ExternalIp, Status
# Get Application Proxy Connectors by Filter
Get-AzureADApplicationProxyConnector -Filter "startswith(MachineName,'ELVEN')"
View CreateAzureADAppProxyApplication.ps1
# AzureAD PowerShell CmdLets to Manage Azure AD App Proxy Applications
# Connect to Azure AD
Connect-AzureAD
# Create a new Application Proxy Application with required values
New-AzureADApplicationProxyApplication -DisplayName "Project Honolulu NUC" `
-ExternalUrl "https://projecthonolulunuc-elven.msappproxy.net/" `
-InternalUrl "https://ELVEN-NUC-HV1.nuc.group"
View RegisterAppProxyConnectorCredential.ps1
# Register Azure AD App Proxy Connector
# PS! Using Credential Object cannot be used with MFA enabled administrator accounts, use offline token
$User = "<username of global administrator>"
$PlainPassword = '<password>'
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object –TypeName System.Management.Automation.PSCredential –ArgumentList $User, $SecurePassword
Set-Location "C:\Program Files\Microsoft AAD App Proxy Connector"
.\RegisterConnector.ps1 -modulePath "C:\Program Files\Microsoft AAD App Proxy Connector\Modules\" `
View AzureVMShutDownInlineWithMSI.ps1
# This script will shutdown the Azure VM it's running on
# Requirements: Azure Managed Service Identity (MSI) configured on the VMs in question.
# Permissions: The MSI service principal for the VM needs to be added as Virtual Machine Contributor for it's own VM
# Kudos: This script is inspired from Marcel Meurer's script for shutting down VM from itself: https://www.sepago.de/blog/2018/01/16/deallocate-an-azure-vm-from-itself
# Read VM details from Azure VM Instance Metadata
$md = Invoke-RestMethod -Headers @{"Metadata"="true"} -URI http://169.254.169.254/metadata/instance?api-version=2017-08-01
# Save variables from metadata
$subscriptionId = $md.compute.subscriptionId
@skillriver
skillriver / AzureFunctionMSGraphMSI.ps1
Created Sep 21, 2017
AzureFunctionMSGraphMSI.ps1
View AzureFunctionMSGraphMSI.ps1
# Get Managed Service Identity info from Azure Functions Application Settings
$msiEndpoint = $env:MSI_ENDPOINT
$msiSecret = $env:MSI_SECRET
Write-Output $msiEndpoint
Write-Output $msiSecret
# Specify URI and Token AuthN Request Parameters
$apiVersion = "2017-09-01"
$resourceURI = "https://graph.microsoft.com"
View AzureADSPN.ps1
# Log in to Azure AD with Global Admin
Connect-AzureAD
# Get the Service Principal for the Function App
$faSpn = Get-AzureADServicePrincipal -SearchString "faElvenGraph"
# Get some properties for the Service Principal
$faSpn | Select-Object ObjectId, ObjectType, AlternativeNames,
AppId, DisplayName, ServicePrincipalType
@skillriver
skillriver / AzureADTokenPolicy.ps1
Last active Nov 5, 2018
AzureADTokenPolicy.ps1
View AzureADTokenPolicy.ps1
# Azure AD v2 PowerShell Token Lifetime Policy
# Connect with Modern Authentication
Connect-AzureAD
# See if there are any existing Azure AD Policies defined
Get-AzureADPolicy
# Defaults for NEW tenants:
# Refresh Token Inactivity: 90 Days
You can’t perform that action at this time.