Office365 License Reporting in PowerBI from Microsoft Identity Manager

29th of August, 2016 / / 8 Comments

 

Overview

A common request I’m hearing from my customers is visibility of Office365 licensing. Typically this is more from the management staff over the technical team as they don’t have the know-how to get the info themselves. From a management perspective it is also about making sure they get full use of their licensing entitlements. Also to know when they are running close to their licensing limit and the conversations about procuring additional licenses need to be had.… [Keep reading] “Office365 License Reporting in PowerBI from Microsoft Identity Manager”

Office365 Licensing Management Agent for Microsoft Identity Manager

26th of August, 2016 / / 5 Comments

Licensing for Office365 has always been a moving target for enterprise customers. Over the years I’ve implemented a plethora of solutions to keep licensing consistent with entitlement logic. For some customers this is as simple as everyone gets say, an E3 license. For other institutions there are often a mix of ‘E’ and ‘K’ licenses depending on EmployeeType.

Using the Granfeldt PowerShell Management Agent to import Office365 Licensing info

In this blog post I detail how I’m using Søren Granfeldt’s extremely versatile PowerShell Management Agent yet again.… [Keep reading] “Office365 Licensing Management Agent for Microsoft Identity Manager”

Filtering images across a custom FIM / MIM ECMA import MA

22nd of August, 2016 / / No Comments

A recent customer had a special request when I was designing and coding a new ECMA 2.2 based Management Agent (MA) or “Connector” for Microsoft Forefront Identity Manager (FIM).

(On a sidenote: FIM’s latest release is now Microsoft Identity Manager or “MIM”, but my customer hadn’t upgraded to the latest version).

Kloud previously were engaged to write a new ECMA based MA for Gallagher 7.5 (a door security card system) to facilitate the provisioning of access and removal of access tied to an HR system.… [Keep reading] “Filtering images across a custom FIM / MIM ECMA import MA”

Connecting to and Using the Azure MFA Web Service SDK Server SOAP API with Powershell

16th of August, 2016 / / 10 Comments

Background

A colleague and I are validating a number of scenarios for a customer who is looking to deploy Azure MFA Server. One of the requirements from an Identity Management perspective is the ability to interact with the MFA Server for user information. That led us on the exploration of what was possible and how best to approach it.

The title of this post has pretty much given it away as to how. But why ?… [Keep reading] “Connecting to and Using the Azure MFA Web Service SDK Server SOAP API with Powershell”

A Twitter Management Agent for Microsoft Identity Manager

5th of August, 2016 / / 1 Comment

In the last couple of weeks I’ve been evaluating a number of different approaches/concepts for some upcoming MIM development projects. Some of these I’ve blogged about already.

Having an Identity Manager Metaverse with identity data is a key dependency to being able to validate ideas and concepts. So what’s a good source of some interesting and varied identity data with string, integer, reference, and boolean attributes? Twitter? Yeah why not. There’s an API. Should be pretty quick to get some sample data right?… [Keep reading] “A Twitter Management Agent for Microsoft Identity Manager”

Adding/Removing User Office365 Licences using PowerShell and the Azure AD Graph RestAPI

3rd of August, 2016 / / 3 Comments

In a recent blog post here I posted about the Azure AD v2.0 Preview Powershell cmdlets that are currently in preview. These update the functionality the current MSOL cmdlets provide whilst also supporting features they don’t (such as managing users with MFA).

The Azure AD v2.0 cmdlets interface with the Azure AD Graph API and this week I tried using the Set-AzureADUserLicense cmdlet to add/remove licenses from users in a test tenant. With no sample documentation for syntax I didn’t kick any goals so I figured I’d just go straight to using the Azure AD Graph API to get the job done direct from Powershell instead.… [Keep reading] “Adding/Removing User Office365 Licences using PowerShell and the Azure AD Graph RestAPI”

Debugging an Office 365 ADFS/SSO issue when accessing Office Store in browser

1st of August, 2016 / / 2 Comments

We recently came across an issue with a customer where they had configured a standard SSO experience with Office 365 using ADFS and it was working perfectly except for a specific use case.   When a user accesses the office store via the Office 365 portal (e.g. portal.office.com/store) they got into an endless SSO login loop.  Specfically, they would see the following:

  1. Connection to Portal.Office.com
  2. Redirection to login.microsoftonline.com
  3. Redirection to adfs.customerdomain.com (automatically signed in because of WIA SSO)
  4. Redirection to login.microsftonline.com
[Keep reading] “Debugging an Office 365 ADFS/SSO issue when accessing Office Store in browser”

Simple reporting from the FIM/MIM Metaverse to PowerBI using the Lithnet FIM/MIM Sync Service PowerShell Module

28th of July, 2016 / / 9 Comments

I have a customer that is looking to report on FIM/MIM identity information. The reports they are looking for aren’t overly complex and don’t necessarily justify the need the full FIM/MIM reporting infrastructure. So I spent a few hours over a couple of days looking at alternatives. In this blog post I give an overview of using the awesome Lithnet FIM/MIM Sync Service PowerShell Module recently released from Ryan Newington to do basic reporting on the Microsoft (Forefront) Identity Manager Metaverse into PowerBI.… [Keep reading] “Simple reporting from the FIM/MIM Metaverse to PowerBI using the Lithnet FIM/MIM Sync Service PowerShell Module”

Modern Authentication and MAPI-HTTP

27th of July, 2016 / / No Comments

If you haven’t heard, Modern Authentication (aka ADAL), has now officially gone GA (https://blogs.office.com/2015/11/19/updated-office-365-modern-authentication-public-preview/) – which means that if you are utilising Office 365 services, particularly Exchange Online, and Office 2013/2016 as your client, you should really be looking at enabling this functionality for your end users.

For those unfamiliar with Modern Auth, there are numerous benefits, but one of the most obvious for end users is it removes the need for the use of ‘save my credentials’ when signing into Exchange Online and provides a true SSO experience when combined with ADFS Federation.… [Keep reading] “Modern Authentication and MAPI-HTTP”