
View AzureAutomationAuthToAzureADwithServicePrincipal.ps1
<#
.SYNOPSIS
This Azure Automation runbook connects to Azure AD with a Service Principal and Connect-AzureAD.
.DESCRIPTION
This Azure Automation runbook connects to Azure AD with a Service Principal and Connect-AzureAD.
It uses an Azure Run As Account connection that must be created before.
You have to import the AzureAD module from the Automation module gallery, if it's not already there.
AUTHOR: Jan Vidar Elven [MVP]
View New-AadApp1803.1_OfflineToken.ps1
<#########################################################################################################
File: New-AadApp.ps1
Copyright (c) Microsoft Corp 2017.
.SYNOPSIS
Creates a web app in AAD and registers it with the SME gateway.
.DESCRIPTION
View ManageAzureADAppProxyConnector.ps1
# AzureAD PowerShell CmdLets to Manage Azure AD App Proxy Connector
# Connect to Azure AD
Connect-AzureAD
# Retrieve Application Proxy Connectors
Get-AzureADApplicationProxyConnector | Select-Object Id, MachineName, ExternalIp, Status
# Get Application Proxy Connectors by Filter
Get-AzureADApplicationProxyConnector -Filter "startswith(MachineName,'ELVEN')"
View CreateAzureADAppProxyApplication.ps1
# AzureAD PowerShell CmdLets to Manage Azure AD App Proxy Applications
# Connect to Azure AD
Connect-AzureAD
# Create a new Application Proxy Application with required values
New-AzureADApplicationProxyApplication -DisplayName "Project Honolulu NUC" `
-ExternalUrl "https://projecthonolulunuc-elven.msappproxy.net/" `
-InternalUrl "https://ELVEN-NUC-HV1.nuc.group"
View RegisterAppProxyConnectorCredential.ps1
# Register Azure AD App Proxy Connector
# PS! A Credential Object cannot be used with MFA-enabled administrator accounts; use an offline token instead
$User = "<username of global administrator>"
$PlainPassword = '<password>'
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $SecurePassword
Set-Location "C:\Program Files\Microsoft AAD App Proxy Connector"
.\RegisterConnector.ps1 -modulePath "C:\Program Files\Microsoft AAD App Proxy Connector\Modules\" `
View AzureVMShutDownInlineWithMSI.ps1
# This script will shut down the Azure VM it's running on
# Requirements: Azure Managed Service Identity (MSI) configured on the VMs in question.
# Permissions: The MSI service principal for the VM needs to be added as Virtual Machine Contributor for its own VM
# Kudos: This script is inspired from Marcel Meurer's script for shutting down VM from itself: https://www.sepago.de/blog/2018/01/16/deallocate-an-azure-vm-from-itself
# Read VM details from Azure VM Instance Metadata
$md = Invoke-RestMethod -Headers @{"Metadata"="true"} -URI "http://169.254.169.254/metadata/instance?api-version=2017-08-01"
# Save variables from metadata
$subscriptionId = $md.compute.subscriptionId
View AzureFunctionMSGraphMSI.ps1
# Get Managed Service Identity info from Azure Functions Application Settings
$msiEndpoint = $env:MSI_ENDPOINT
$msiSecret = $env:MSI_SECRET
Write-Output $msiEndpoint
# The MSI secret authenticates token requests to the local endpoint; write it to output only while troubleshooting, not in production runs
Write-Output $msiSecret
# Specify URI and Token AuthN Request Parameters
$apiVersion = "2017-09-01"
$resourceURI = "https://graph.microsoft.com"
View AzureADSPN.ps1
# Log in to Azure AD with Global Admin
Connect-AzureAD
# Get the Service Principal for the Function App
$faSpn = Get-AzureADServicePrincipal -SearchString "faElvenGraph"
# Get some properties for the Service Principal
$faSpn | Select-Object ObjectId, ObjectType, AlternativeNames,
AppId, DisplayName, ServicePrincipalType
View AzureADTokenPolicy.ps1
# Azure AD v2 PowerShell Token Lifetime Policy
# Connect with Modern Authentication
Connect-AzureAD
# See if there are any existing Azure AD Policies defined
Get-AzureADPolicy
# Defaults for NEW tenants:
# Refresh Token Inactivity: 90 Days
View AzureADDevices.ps1
# Connect to Azure AD
Connect-AzureAD
# Get All Azure AD Devices
$aadDevices = Get-AzureADDevice -All $true
# Explore Device Object
$aadDevices | Get-Member