christianfrohn.dk

Securing Service Principals in Microsoft Entra ID with Conditional Access policies

April 26, 2024April 22, 2024 by Christian Frohn

Service Principals in your Microsoft cloud environment has long been a nice and convenient way to provide access to resources like SharePoint Online, Entra ID, Microsoft Graph or Azure resources by using a secret (password) or a certificate, and by then combining it with the client ID (username) for the Service Principles to be able … Read more

Modifying the attribute mapping in API-driven provisioning to on-premises Active Directory.

June 4, 2024April 18, 2024 by Christian Frohn

This blog post is a small continuation of the blog post about Getting started with API-driven Inbound User Provisioning to On-Premises AD, but in this blog, I’m going to show you how to modify the API and Active Directory mapping of attributes when you are provisioning users. This is useful if want to customize mapping … Read more

Getting started with API-driven Inbound User Provisioning to On-Premises AD

June 4, 2024April 10, 2024 by Christian Frohn

API-driven Inbound User Provisioning to On-Premises AD is a feature that I personally have been really excited about for quite some time. I started working with it when it was in public preview around June 2023 and it went to General Availability in early 2024.API-driven Inbound User Provisioning is streamlined way of managing users in … Read more

Import SQL query from GitHub repository into a PowerShell script.

April 5, 2024 by Christian Frohn

I want to emphasize that this blog post should ONLY be used with code that you are totally confident in, ideally your own code. This is something I have been wanting to achieve for some time now. Over the last couple of months, I have been working a on project with a colleague where I … Read more

Connect to Microsoft Teams PowerShell using Azure App reg. (Service principal)

June 22, 2024November 13, 2022 by Christian Frohn

Intro
Not long ago Microsoft finally release a new version for the Microsoft Teams PowerShell module (4.8.0) that adds the ability to authenticate to Microsoft Teams using a Azure App reg.
Using a Azure App reg. Is in my opnion the most secure way to authenticate when you are running scheduled task (or simlar). So if you are not using this method in your automation scripts with Teams, you should start ajusting (on your own risk ofc).
The ability to use this method to authenticate has not been working for at least 1½ year (as of this writing) so I’m very excited to share the method with you guys.

Monitor Azure App registration secret / certificate expiry with PowerShell

June 2, 2024September 24, 2022 by Christian Frohn

I came across a need to know when a certificates and secrets are about to expire on Azure app registrations, but there was no native way for me do this, expect to just scroll down the application registration list and look for “Expirer soon”, and that didn’t really do it for me.
So, I decided to look for way to get notified a number of days before a secret or a certificate will expire using PowerShell. I ended up writing this script and then running it using an Automation Account in Azure, but you can run this script everywhere, if you have the Microsoft Graph PowerShell module installed on the platform of your choice.

What is InterpretedUserType in Microsoft Teams?

June 22, 2024May 18, 2022 by Christian Frohn

I decided to write this blog to help other people get a better understanding of what InterpretedUserType is. My first in encounter with InterpretedUserType was almost a year ago when I was troubleshooting why a user in my Teams environment couldn’t receive PSTN phone calls using Direct Routing even though the user was enabled for … Read more

Connect to Microsoft Graph with PowerShell using a certificate and an Azure service principal.

June 2, 2024April 23, 2022 by Christian Frohn

Microsoft Graph is the new black. It may not be new for you, but nevertheless it’s important to know that Microsoft is putting a lot of effort into to the Microsoft Graph PowerShell module, and by doing so, The Azure AD PowerShell module and the PowerShell module Microsoft Online (MSOL) is soon to be retried by Microsoft and to be completely replaced with Microsoft Graph instead. You can read more about that here: https://azure.microsoft.com/en-us/updates/update-your-apps-to-use-microsoft-graph-before-30-june-2022/

Like any other PowerShell Module from Microsoft, you need to authenticate to the service using some form of credential type (username/password + MFA fx.), and the Microsoft Graph is no exception (surprise!) In this post we won’t be focused on the username/password authentication, but instead we will be using a certificate. The reason for this, is the purpose of using an authentication method to be used in automation scripts that can be run unattended in scheduled task or an Azure Automation account in a secure way. (We don’t want to have username/password in plain text in the code and the MFA prompt might be an issue).
But to use a certificate as our authentication method we need to have an Azure service principal.

It’s the service principal that will ‘perform’ our actions in PowerShell using the Microsoft Graph. This blog will cover how to create both the certificate and the service principal and demonstrate how to connect to Microsoft Graph.

Getting started with Azure SFTP

April 17, 2022 by Christian Frohn

Intro
A few days ago Microsoft announced that you will be able to use an Azure Storage Account as SFTP (Secure File Transfer Protocol). This is a feature that a lot of people have been waiting for a long time. Please bear in mind that SFTP on a Storage Account is still in preview and lot might change in the regards to functionalities.
Azure SFTP is the right now the closest thing that you can get to FTP-as-a-Service, it’s something that I have been looking forward to myself for a long time (I can now finally shutdown my FTP server maybe). The need for (S)FTP has been in decline for a long time because there are a lot of great tools out there that can be used to share files and collaborate on said files. (Microsoft SharePoint, OneDrive etc.)
The need for SFTP is from my point of view still valid, when you need to share a large file with another company. One case for it is that you need to share a big database (.bak) with another person. Another case is you need to receive a lot of files from a vendor that you need in a program. Then SFTP might be more suited for your needs.
As I said, there are still many valid needs for SFTP.

Add new dates to Teams holidays using PowerShell

June 23, 2024April 17, 2022 by Christian Frohn

So, here we are again – A new year (and new me?) after the last holiday is over it’s time for a new year and that lucky means new holidays in sight, but in order to truly be off duty, you might need to update your holidays in Teams Admin Center (TAC) so that you … Read more