Nested Virtual PowerShell Desktop Environments on Windows 10 & Windows Server 2019 in Azure – Part 3

27th of November, 2018 / / No Comments

This is the third and likely last post in this series. In Part 1 I introduced the capability to have Virtual PowerShell Environments using Docker and the full Windows 10 / Server 2019 Build 1809 container images. In Part 2 I detailed remotely access the Azure RM Windows 10 / Server 2019 host that contains the Docker Container with our full Windows 1809 environment (and therefore PowerShell Desktop).

In this post I’ll detail building a Docker Image based off of the Windows 1809 Container image.… [Keep reading] “Nested Virtual PowerShell Desktop Environments on Windows 10 & Windows Server 2019 in Azure – Part 3”

Searching & Returning all Objects/Users from a SailPoint IdentityNow Source

23rd of November, 2018 / / No Comments 
Update: Oct 2019. Searching Sources can be easily managed using the SailPoint IdentityNow PowerShell Module.

There are times when need to get an extract of all objects on an IdentityNow Source. Just a particular Source, not the object from the Identity Cube with attributes contributed from multiple sources.

I’ll cover how I do that in this post, which in turn also handles paging the results from IdentityNow as the SearchLimit is 2500 objects.

The basis of the logic is;

  • Define the Source to retrieve objects from
  • Define the number of results you wish to return per page (maximum is 2500)
  • Page results until you return the base object for all objects on the Source
  • Retrieve the Full Object details for each object

The Script

The following script has been written to run in VS Code and provide a Progress bar using the psInlineProgress PowerShell Module available from the PowerShell Gallery and here.… [Keep reading] “Searching & Returning all Objects/Users from a SailPoint IdentityNow Source”

Nested Virtual PowerShell Desktop Environments on Windows 10 & Windows Server 2019 in Azure – Part 2

22nd of November, 2018 / / 1 Comment 
27 Nov 18 Part 3 is available here that details customizing 
an image and accessing it via other SSH clients with elevated
access.

In Part-1 of this series posted yesterday I showed that with Windows 10/Windows Server 2019 we can now have isolated virtual environments for PowerShell Desktop in Azure through containerization.

In this post I’ll show how I plan to leverage this capability from a mobility perspective. What we need to do first is enable elevated (privileged) access to our VM.… [Keep reading] “Nested Virtual PowerShell Desktop Environments on Windows 10 & Windows Server 2019 in Azure – Part 2”

Nested Virtual PowerShell Desktop Environments on Windows 10 & Windows Server 2019 in Azure – Part 1

21st of November, 2018 / / 2 Comments 
22 Nov 18 Part 2 is available here that details accessing
the Docker Image via Azure Cloud Shell / SSH
27 Nov 18 Part 3 is available here that details customizing
an image and accessing it via other SSH clients with 
elevated access.

PowerShell Desktop Virtual Environments

If you’ve been working with PowerShell for any length of time you know that through its flexibility there can come challenges when using disparate PowerShell Modules and often their version dependencies.… [Keep reading] “Nested Virtual PowerShell Desktop Environments on Windows 10 & Windows Server 2019 in Azure – Part 1”

Retrieving SailPoint IdentityNow Certification Reports using PowerShell

20th of November, 2018 / / No Comments 
Update: Oct 2019. Certification Campaign Reports can be easily managed using the SailPoint IdentityNow PowerShell Module.

This is the third and probably last post in the Certifications by API series. The first post detailed retrieving and searching campaigns, the second post detailed creating and starting campaigns. If you haven’t read those, check them out as they will give you the background for this one.

As detailed in the previous two posts this post also assumes you are authenticated to IdentityNow as detailed in this post, and you understand that this post details accessing Certifications using the non-versioned SailPoint IdentityNow API’s.… [Keep reading] “Retrieving SailPoint IdentityNow Certification Reports using PowerShell”

Creating SailPoint IdentityNow Certification Campaigns using PowerShell

16th of November, 2018 / / No Comments 
Update: Oct 2019. Certification Campaigns can be easily managed using the SailPoint IdentityNow PowerShell Module.

This is the second post in the Certifications by API series. The last post detailed searching and retrieving campaigns. If you haven’t read that, check that out as it will give you the background for this one.

Also as per the last post this post also assumes you are authenticated to IdentityNow as detailed in this post, and you understand that this post details accessing Certifications using the non-versioned SailPoint IdentityNow API’s.… [Keep reading] “Creating SailPoint IdentityNow Certification Campaigns using PowerShell”

Accessing SailPoint IdentityNow Certification Campaigns using PowerShell

15th of November, 2018 / / No Comments 
Update: Oct 2019. Certification Campaigns can be easily managed using the SailPoint IdentityNow PowerShell Module.

This is the first post in a series covering SailPoint IdentityNow Certifications. Specifically listing and returning campaigns, creating campaigns and accessing campaign reports. This post will show Listing Active and Completed Campaigns, Searching for a specific Campaign and returning the full details for a Campaign.

The IdentityNow v1 API’s and v2 API’s don’t expose endpoints for IdentityNow Certification Campaigns so access will be via the non-public/versioned Certification API’s.  … [Keep reading] “Accessing SailPoint IdentityNow Certification Campaigns using PowerShell”

Adding Delta Sync Support to the Microsoft Identity Manager PowerShell Management Agent for Workday HR

31st of October, 2018 / / No Comments

Recently I posted a sample Microsoft Identity Manager Management Agent for Workday HR. Subsequently I also posted about some updates I made to the WorkdayAPI PowerShell Module to enable functionality to specify the time period to return changes for. This post details updating  my sample Workday Management Agent to support Delta Synchronisation.

WorkdayAPI PowerShell Module

First up you will need the updated WorkdayAPI PowerShell Module that provides the Get-WorkdayWorkerAdv cmdlet and can take a time period to return information for.… [Keep reading] “Adding Delta Sync Support to the Microsoft Identity Manager PowerShell Management Agent for Workday HR”

Updated: Azure AD B2B Guest Invitations Microsoft Identity Manager Management Agent

30th of October, 2018 / / No Comments

In August I posted this that detailed Automating Azure AD B2B Guest Invitations using Microsoft Identity Manager. More recently Microsoft updated the Microsoft Graph to include additional information about Azure AD B2B Guest users and I wrote this that creates HTML Reports based off these new attributes.

That information is also handy when managing the lifecyle of Azure AD B2B Users. As we do that using Microsoft Identity Manager I’ve updated my Azure AD B2B Guest Invitation Management Agent for these attributes so they can be used in the lifecycle logic.… [Keep reading] “Updated: Azure AD B2B Guest Invitations Microsoft Identity Manager Management Agent”

Enrolling and using both Microsoft Authenticator and a YubiKey Physical Token with Azure MFA

26th of October, 2018 / / No Comments

Microsoft have just announced the Public Preview for Hardware OATH Tokens such as the Yubico YubiKey with Azure MFA. In this very long and graphic heavy post I show the end-to-end setup and use of a YubiKey physical token from Yubico as a Multi-Factor Authentication (MFA) second factor authentication method to Azure AD/Office 365.

Specifically I detail;

  • the user experience using a YubiKey Hardware Token with Azure MFA
  • the administrator configuration process for admin enabled YubiKey physical tokens for use with Azure MFA
  • a user enrolling a YubiKey physical token as an additional method for use with Azure MFA
  • switching second-factor authentication methods when authenticating to Azure AD / Office 365

For the process I show here;

  • the Admin account I’m using to do the configuration is a Global Admin
  • the user I’m enabling the token for
    • is assigned an Enterprise Mobility + Security E3 license
    • is enabled for MFA
    • was enrolled in MFA using the Microsoft Authenticator App.
[Keep reading] “Enrolling and using both Microsoft Authenticator and a YubiKey Physical Token with Azure MFA”