Connecting to and Using the Azure MFA Web Service SDK Server SOAP API with Powershell

16th of August, 2016 / Darren Robinson / 10 Comments

Background

A colleague and I are validating a number of scenarios for a customer who is looking to deploy Azure MFA Server. One of the requirements from an Identity Management perspective is the ability to interact with the MFA Server for user information. That led us on the exploration of what was possible and how best to approach it.

The title of this post has pretty much given it away as to how. But why ?… [Keep reading] “Connecting to and Using the Azure MFA Web Service SDK Server SOAP API with Powershell”

Monitoring Azure WebJobs Health with Application Insights

11th of August, 2016 / Paco de la Cruz / 11 Comments

Introduction

Azure WebJobs have been available for quite some time and have become very popular for running background tasks with programs or scripts. WebJobs are deployed as part of Azure App Services (Web Apps), which include their companion site Kudu. Kudu provides a lot of features, including a REST API, which provides operations for source code management (SCM), virtual file system, deployments, accessing logs, and for WebJob management as well. The Kudu WebJobs API provides different operations including listing WebJobs, uploading a WebJob, or triggering it.… [Keep reading] “Monitoring Azure WebJobs Health with Application Insights”

Setting up Always On Availability Groups for SQL Server in Azure

11th of August, 2016 / Peter Aram / 5 Comments

Almost all organisations rely on data, be it in the form of files or databases (SQL, Oracle…). The most challenging aspect of managing data for any organisation is high-availability and disaster recovery. Starting with the release of SQL Server 2012 (Enterprise Edition) Microsoft introduced “Always On Availability Groups”.

This powerful capability ensures your databases are synchronised through one or more replicas (SQL Servers).

While Azure offers an Infrastructure as a Service capability, the mechanisms used to setup many of the requirements for an Always On Availability Group are different to those in a traditional environment.… [Keep reading] “Setting up Always On Availability Groups for SQL Server in Azure”

Getting Users, Groups & Contacts via the Azure Graph API using Differential Query & PowerShell

11th of August, 2016 / Darren Robinson / 1 Comment

This is the final post in a series detailing using PowerShell to leverage the Azure AD Graph API. For those catching up it started here introducing using PowerShell to access the Azure AD via the Graph API, licensing users in Azure AD via Powershell and the Graph API, and returning all objects using paging via Powershell and the Graph API.

In this post I show how to;

enumerate objects from Azure AD via Powershell and the Graph API, and set a delta change cookie
enumerate changes in Azure AD since the last query
return objects that have changed since the last query
return just the changed attributes on objects that have changed since the last query
get a differential sync from now delta change link

Searching through MSDN and other resources working this out I somehow stumbled upon a reference to changes in the API that detail the search filters.… [Keep reading] “Getting Users, Groups & Contacts via the Azure Graph API using Differential Query & PowerShell”

Enumerating all Users/Groups/Contacts in an Azure tenant using PowerShell and the Azure Graph API ‘odata.nextLink’ paging function

10th of August, 2016 / Darren Robinson / 7 Comments

Recently I posted about using PowerShell and the Azure Active Directory Authentication Library to connect to Azure AD here. Whilst that post detailed performing simple tasks like updating an attribute on a user, in this post I’ll use the same method to connect to Azure AD via PowerShell but cover;

enumerate users, contacts or groups
where the number of objects is greater than the maximum results per page, get all remaining pages of results
limit results based on filters

The premise of my script was one that could just be executed without prompts.… [Keep reading] “Enumerating all Users/Groups/Contacts in an Azure tenant using PowerShell and the Azure Graph API ‘odata.nextLink’ paging function”

A Twitter Management Agent for Microsoft Identity Manager

5th of August, 2016 / Darren Robinson / 1 Comment

In the last couple of weeks I’ve been evaluating a number of different approaches/concepts for some upcoming MIM development projects. Some of these I’ve blogged about already.

Having an Identity Manager Metaverse with identity data is a key dependency to being able to validate ideas and concepts. So what’s a good source of some interesting and varied identity data with string, integer, reference, and boolean attributes? Twitter? Yeah why not. There’s an API. Should be pretty quick to get some sample data right?… [Keep reading] “A Twitter Management Agent for Microsoft Identity Manager”

Azure Deployment Models And How To Migrate From ASM to ARM

4th of August, 2016 / hughbadini / 9 Comments

This is a post about the two deployment models currently available in Azure, Service Management (ASM) and Resource Manager (ARM). And how to migrate from one to the other if necessary.

About the Azure Service Management deployment model

The ASM model, also known as version 1 and Classic mode, started out as a web interface and a backend API for the PaaS services Azure opened with at launch.

Features

ASM deployments are based on an XML schema.

… [Keep reading]

Adding/Removing User Office365 Licences using PowerShell and the Azure AD Graph RestAPI

3rd of August, 2016 / Darren Robinson / 3 Comments

In a recent blog post here I posted about the Azure AD v2.0 Preview Powershell cmdlets that are currently in preview. These update the functionality the current MSOL cmdlets provide whilst also supporting features they don’t (such as managing users with MFA).

The Azure AD v2.0 cmdlets interface with the Azure AD Graph API and this week I tried using the Set-AzureADUserLicense cmdlet to add/remove licenses from users in a test tenant. With no sample documentation for syntax I didn’t kick any goals so I figured I’d just go straight to using the Azure AD Graph API to get the job done direct from Powershell instead.… [Keep reading] “Adding/Removing User Office365 Licences using PowerShell and the Azure AD Graph RestAPI”

Simple reporting from the FIM/MIM Metaverse to PowerBI using the Lithnet FIM/MIM Sync Service PowerShell Module

28th of July, 2016 / Darren Robinson / 9 Comments

I have a customer that is looking to report on FIM/MIM identity information. The reports they are looking for aren’t overly complex and don’t necessarily justify the need the full FIM/MIM reporting infrastructure. So I spent a few hours over a couple of days looking at alternatives. In this blog post I give an overview of using the awesome Lithnet FIM/MIM Sync Service PowerShell Module recently released from Ryan Newington to do basic reporting on the Microsoft (Forefront) Identity Manager Metaverse into PowerBI.… [Keep reading] “Simple reporting from the FIM/MIM Metaverse to PowerBI using the Lithnet FIM/MIM Sync Service PowerShell Module”

Goodbye Set-MsolUser, Hello Set-AzureADUser & Azure Graph API

26th of July, 2016 / Darren Robinson / No Comments

Update: April 13 2017. 
See this post for adapting to changes in the AzureAD 
PowerShell Module Helper Libraries

Recently Microsoft released the preview of the v2.0 Azure AD PowerShell cmdlets. https://azure.microsoft.com/en-us/updates/azure-ad-new-powershell-cmdlets-preview/

I’ve got a project coming up where I’m looking to change my approach for managing users in Azure using Microsoft Identity Manager. Good timing to do a quick proof of concept to manage users with the new cmdlets and directly using the Graph API in preparation to move away from the msol cmdlets.… [Keep reading] “Goodbye Set-MsolUser, Hello Set-AzureADUser & Azure Graph API”