View GetAppProxyOfflineToken.ps1
# Get Offline Token for Azure AD App Proxy Register Connector
View AzureVMShutDownInlineWithMSI.ps1
# This script will shutdown the Azure VM it's running on
# Requirements: Azure Managed Service Identity (MSI) configured on the VMs in question.
# Permissions: The MSI service principal for the VM needs to be added as Virtual Machine Contributor for it's own VM
# Kudos: This script is inspired from Marcel Meurer's script for shutting down VM from itself:
# Read VM details from Azure VM Instance Metadata
$md = Invoke-RestMethod -Headers @{"Metadata"="true"} -URI
# Save variables from metadata
$subscriptionId = $md.compute.subscriptionId
View AzureFunctionMSGraphMSI.ps1
# Get Managed Service Identity info from Azure Functions Application Settings
$msiEndpoint = $env:MSI_ENDPOINT
$msiSecret = $env:MSI_SECRET
Write-Output $msiEndpoint
Write-Output $msiSecret
# Specify URI and Token AuthN Request Parameters
$apiVersion = "2017-09-01"
$resourceURI = ""
View AzureADSPN.ps1
# Log in to Azure AD with Global Admin
# Get the Service Principal for the Function App
$faSpn = Get-AzureADServicePrincipal -SearchString "faElvenGraph"
# Get some properties for the Service Principal
$faSpn | Select-Object ObjectId, ObjectType, AlternativeNames,
AppId, DisplayName, ServicePrincipalType
View AzureADTokenPolicy.ps1
# Azure AD v2 PowerShell Token Lifetime Policy
# Connect with Modern Authentication
# See if there are any existing Azure AD Policies defined
# Defaults for NEW tenants:
# Refresh Token Inactivity: 90 Days
View AzureADDevices.ps1
# Connect to Azure AD
# Get All Azure AD Devices
$aadDevices = Get-AzureADDevice -All $true
# Explore Device Object
$aadDevices | Get-Member
View AzureADExtensionProperty.ps1
# Azure AD v2 PowerShell Module CmdLets for working with Extension Attribute Properties
# Connect to Azure AD with Global Administrator
# Get a User and Read Extension Properties
$aadUser = Get-AzureADUser -ObjectId <youruser>
$aadUser | Select -ExpandProperty ExtensionProperty
# Serialize User Object to JSON
View EMSAssignLicense.ps1
# PowerShell CmdLets for Assigning EMS Licenses with Azure AD v2 PowerShell Module
# Read blog post for details:
# Connect to Azure AD with Global Administrator
# List Subscriptions
Get-AzureADSubscribedSku | Select SkuId, SkuPartNumber
# EMS E3 license Service Plans
View AzureADReportingAPI_SSPR.ps1
# PowerShell for calling the Azure AD Graph Reporting REST API,
# Getting Self Service Password Reset Registrations
# This script will require registration of a Web Application in Azure Active Directory
# Method 1: Use steps here for manually creating required Web App:
# Method 2: Use Azure AD PowerShell as documented here:
$loginURL = ""
$tenantdomain = "<yourtenant>"
View AzureADConnectSSPRPermissions.ps1
# Description: Sets Azure AD Connect Password Write Back AD Permissions
# Created by: Jan Vidar Elven, Enterprise Mobility MVP, Skill AS
# Last Modified: 01.06.2016
# Run this on-premises for your domain/forest
Import-Module ActiveDirectory
#region Initial Parameters/Variables
# Domain Controller in wanted domain, leave blank if using current domain