Creating an AzureAD WebApp using PowerShell to leverage Certificate Based Authentication

17th of August, 2017 / / No Comments

Introduction

Previously I’ve posted about using PowerShell to access the Microsoft AzureAD/Graph API in a number of different ways. Two such examples I’ve listed below. The first uses a Username and Password method for Authentication, whilst the second uses a registered application and therefore ClientID and Client Secret.

As time has gone on I have numerous WebApp’s doing all sorts of automation.… [Keep reading] “Creating an AzureAD WebApp using PowerShell to leverage Certificate Based Authentication”

Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 3

11th of August, 2017 / / No Comments

Introduction

As the title suggests this is Part 3, and the final part in a three-part post on configuring FIM/MIM to synchronise users passwords from AD to the Domino ID Vault via PCNS and FIM/MIM.
Part 1 here detailed the creation of a PowerShell Management Agent to join users from Domino to the MIM Sync Metaverse.
Part 2 here detailed the creation and configuration of the Domino Agents to receive password changes via the PS MA into the ID Vault.… [Keep reading] “Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 3”

UPDATED: Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager

10th of August, 2017 / / No Comments

Earlier this week I posted this blog post that showed a working example of using a custom Pwned Password FIM/MIM Management Agent to flag a boolean attribute in the MIM Service to indicate whether a users password is in the pwned password dataset or not. If you haven’t read that post this won’t make a lot of sense, so read that then come back.
The solution when receiving a new password for a user (via Microsoft Password Change Notification Service) was checking against the Have I Been Pwned API.… [Keep reading] “UPDATED: Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager”

SharePoint Online forecast storage requirements

10th of August, 2017 / / No Comments

Background

Office 365 users get quite a bit of storage on SharePoint Online for content, be it files, metadata, etc. But still to manage the storage and forecast as to when additional storage has to be added becomes a challenge with very limited analytics available in SharePoint Online. Since adding more storage cost money so adding before you actually require or a bit too late would not be ideal.
SharePoint Online provides two ways to track the storage one from the admin center and other one from within the site collection using Storage metrics.… [Keep reading] “SharePoint Online forecast storage requirements”

SharePoint Online external user access error "User Not in directory"

10th of August, 2017 / / No Comments

Background

Organization wants to share their SharePoint online site collection, documents and collaborate with external partners, vendors or customers. By default site collection are shared to internal user’s only. But this can be extended to authenticated external users or also with limited sharing to anonymous users. External users do not have a license to office 365 subscription, they are limited to basic collaboration tasks.
I had recently enabled external access for site collection on the SPO tenant only to selected domains and authenticated external users.… [Keep reading] “SharePoint Online external user access error "User Not in directory"”

Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 1

9th of August, 2017 / / No Comments

Introduction

Recently I wrote about getting started with the latest IBM/Lotus Notes/Domino Management Agent for Microsoft Identity Manager. In a recent engagement we are using that MA to provision and manage identities into Domino. We are also using the MA to synchronise passwords via PCNS and MIM to the Notes users’ Internet (HTTP) password.
What you may or may not be aware of is that IBM introduced a new feature with Domino 8.5 called the ID Vault.… [Keep reading] “Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 1”

Enabling and Scripting Azure Virtual Machine Just-In-Time Access

24th of July, 2017 / / No Comments

Last week (19 July 2017) one of Microsoft’s Azure Security Center’s latest features went from Private Preview to Public Preview. The feature is Azure Just in time Virtual Machine Access.

What is Just in time Virtual Machine access ?

Essentially JIT VM Access is a wrapper for automating an Azure Network Security Group rule set for access to an Azure VM(s) for a temporal period on a set of network ports restricted to a source IP/Network.… [Keep reading] “Enabling and Scripting Azure Virtual Machine Just-In-Time Access”

Quickly deploying all the things from Excel with PowerShell

7th of July, 2017 / / 3 Comments

As an ex-Excel Developer, I tend to resolve any perceived inefficiencies when dealing with any tabular data by automating the snot out of it with Excel and VBA. As a SharePoint developer, there is no shortage of stuff that we need to provision into SharePoint to build business solutions, often repeatedly throughout the development cycle or between environments (Dev, Test, UAT, etc).
PowerShell was always going to be the automation tool of choice, and while PowerShell scripts are commonly fed with CSV files of flat tabular data, editing those has always been painful if you’ve got more than a handful of rows.… [Keep reading] “Quickly deploying all the things from Excel with PowerShell”

Integration of Microsoft Identity Manager with Azure Platform-as-a-Service Services

14th of June, 2017 / / 1 Comment

Overview

This isn’t an out of the box solution. This is a bespoke solution that takes a number of elements and puts them together in a unique way. I’m not expecting anyone to implement this specific solution (but you’re more than welcome to) but to take inspiration from it to implement solutions relevant to your environment(s). This post supports a presentation I did to The MIM Team User Group on 14 June 2017.
This post describes a solution that;

  • Leverages an Azure WebApp (NodeJS) to present a simple website.
[Keep reading] “Integration of Microsoft Identity Manager with Azure Platform-as-a-Service Services”

Try/Catch works in PowerShell ISE and not in PowerShell console

30th of May, 2017 / / No Comments

I recently encountered an issue with one of my PowerShell scripts. It was a script to enable litigation hold on all mailboxes in Exchange Online.
I connected to Exchange Online via the usual means below.

$creds = Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Creds -Authentication Basic -AllowRedirection
Import-PSSession $session -AllowClobber

I then attempted to execute the following with no success.

try
{
Set-Mailbox -Identity $user.UserPrincipalName -LitigationHoldEnabled $true -ErrorAction Stop
}
catch
{
Write-Host "ERROR!"
[Keep reading] “Try/Catch works in PowerShell ISE and not in PowerShell console”