Securely storing and retrieving credentials with Azure Key Vault in PowerShell scripts

When you are writing PowerShell scripts to automate various tasks in your everyday life in IT, the hardest part is often how to store the credentials to be used in your code in a secure way. In this blog post I want to show you how you can use an Azure Key Vault to store … Read more

Securing Service Principals in Microsoft Entra ID with Conditional Access policies

Service Principals in your Microsoft cloud environment has long been a nice and convenient way to provide access to resources like SharePoint Online, Entra ID, Microsoft Graph or Azure resources by using a secret (password) or a certificate, and by then combining it with the client ID (username) for the Service Principles to be able … Read more

Modifying the attribute mapping in API-driven provisioning to on-premises Active Directory.

This blog post is a small continuation of the blog post about Getting started with API-driven Inbound User Provisioning to On-Premises AD, but in this blog, I’m going to show you how to modify the API and Active Directory mapping of attributes when you are provisioning users. This is useful if want to customize mapping … Read more

Getting started with API-driven Inbound User Provisioning to On-Premises AD

API-driven Inbound User Provisioning to On-Premises AD is a feature that I personally have been really excited about for quite some time. I started working with it when it was in public preview around June 2023 and it went to General Availability in early 2024.API-driven Inbound User Provisioning is streamlined way of managing users in … Read more

Connect to Microsoft Teams PowerShell using Azure App reg. (Service principal) 

Intro
Not long ago Microsoft finally release a new version for the Microsoft Teams PowerShell module (4.8.0) that adds the ability to authenticate to Microsoft Teams using a Azure App reg. 
Using a Azure App reg. Is in my opnion the most secure way to authenticate when you are running scheduled task (or simlar). So if you are not using this method in your automation scripts with Teams, you should start ajusting (on your own risk ofc). 
The ability to use this method to authenticate has not been working for at least 1½ year (as of this writing) so I’m very excited to share the method with you guys. 

Read more

Monitor Azure App registration secret / certificate expiry with PowerShell

I came across a need to know when a certificates and secrets are about to expire on Azure app registrations, but there was no native way for me do this, expect to just scroll down the application registration list and look for “Expirer soon”, and that didn’t really do it for me.
So, I decided to look for way to get notified a number of days before a secret or a certificate will expire using PowerShell. I ended up writing this script and then running it using an Automation Account in Azure, but you can run this script everywhere, if you have the Microsoft Graph PowerShell module installed on the platform of your choice.

Read more

What is InterpretedUserType in Microsoft Teams?

I decided to write this blog to help other people get a better understanding of what InterpretedUserType is. My first in encounter with InterpretedUserType was almost a year ago when I was troubleshooting why a user in my Teams environment couldn’t receive PSTN phone calls using Direct Routing even though the user was enabled for … Read more

Connect to Microsoft Graph with PowerShell using a certificate and an Azure service principal.

Microsoft Graph is the new black. It may not be new for you, but nevertheless it’s important to know that Microsoft is putting a lot of effort into to the Microsoft Graph PowerShell module, and by doing so, The Azure AD PowerShell module and the PowerShell module Microsoft Online (MSOL) is soon to be retried by Microsoft and to be completely replaced with Microsoft Graph instead. You can read more about that here: https://azure.microsoft.com/en-us/updates/update-your-apps-to-use-microsoft-graph-before-30-june-2022/

Like any other PowerShell Module from Microsoft, you need to authenticate to the service using some form of credential type (username/password + MFA fx.), and the Microsoft Graph is no exception (surprise!) In this post we won’t be focused on the username/password authentication, but instead we will be using a certificate. The reason for this, is the purpose of using an authentication method to be used in automation scripts that can be run unattended in scheduled task or an Azure Automation account in a secure way. (We don’t want to have username/password in plain text in the code and the MFA prompt might be an issue).
But to use a certificate as our authentication method we need to have an Azure service principal.

It’s the service principal that will ‘perform’ our actions in PowerShell using the Microsoft Graph. This blog will cover how to create both the certificate and the service principal and demonstrate how to connect to Microsoft Graph.

Read more