I came across a need to know when a certificates and secrets are about to expire on Azure app registrations, but there was no native way for me do this, expect to just scroll down the application registration list and look for “Expirer soon”, and that didn’t really do it for me.
So, I decided to look for way to get notified a number of days before a secret or a certificate will expire using PowerShell. I ended up writing this script and then running it using an Automation Account in Azure, but you can run this script everywhere, if you have the Microsoft Graph PowerShell module installed on the platform of your choice.
What is InterpretedUserType in Microsoft Teams?
I decided to write this blog to help other people get a better understanding of what InterpretedUserType is. My first in encounter with InterpretedUserType was almost a year ago when I was troubleshooting why a user in my Teams environment couldn’t receive PSTN phone calls using Direct Routing even though the user was enabled for … Read more
Connect to Microsoft Graph with PowerShell using a certificate and an Azure service principal.
Microsoft Graph is the new black. It may not be new for you, but nevertheless it’s important to know that Microsoft is putting a lot of effort into to the Microsoft Graph PowerShell module, and by doing so, The Azure AD PowerShell module and the PowerShell module Microsoft Online (MSOL) is soon to be retried by Microsoft and to be completely replaced with Microsoft Graph instead. You can read more about that here: https://azure.microsoft.com/en-us/updates/update-your-apps-to-use-microsoft-graph-before-30-june-2022/
Like any other PowerShell Module from Microsoft, you need to authenticate to the service using some form of credential type (username/password + MFA fx.), and the Microsoft Graph is no exception (surprise!) In this post we won’t be focused on the username/password authentication, but instead we will be using a certificate. The reason for this, is the purpose of using an authentication method to be used in automation scripts that can be run unattended in scheduled task or an Azure Automation account in a secure way. (We don’t want to have username/password in plain text in the code and the MFA prompt might be an issue).
But to use a certificate as our authentication method we need to have an Azure service principal.
It’s the service principal that will ‘perform’ our actions in PowerShell using the Microsoft Graph. This blog will cover how to create both the certificate and the service principal and demonstrate how to connect to Microsoft Graph.
Getting started with Azure SFTP
Intro
A few days ago Microsoft announced that you will be able to use an Azure Storage Account as SFTP (Secure File Transfer Protocol). This is a feature that a lot of people have been waiting for a long time. Please bear in mind that SFTP on a Storage Account is still in preview and lot might change in the regards to functionalities.
Azure SFTP is the right now the closest thing that you can get to FTP-as-a-Service, it’s something that I have been looking forward to myself for a long time (I can now finally shutdown my FTP server maybe). The need for (S)FTP has been in decline for a long time because there are a lot of great tools out there that can be used to share files and collaborate on said files. (Microsoft SharePoint, OneDrive etc.)
The need for SFTP is from my point of view still valid, when you need to share a large file with another company. One case for it is that you need to share a big database (.bak) with another person. Another case is you need to receive a lot of files from a vendor that you need in a program. Then SFTP might be more suited for your needs.
As I said, there are still many valid needs for SFTP.
Add new dates to Teams holidays using PowerShell
So, here we are again – A new year (and new me?) after the last holiday is over it’s time for a new year and that lucky means new holidays in sight, but in order to truly be off duty, you might need to update your holidays in Teams Admin Center (TAC) so that you … Read more
Set or change a Teams users call forwarding settings with PowerShell
So, as the title says, its now possible to manage a user in your Team tenants call forwarding settings. This is a feature that has been missed by many UC administrator since Teams replaced Skype for Business. But now it’s finally here – Sort of, the features is in preview. The features was release with the new preview version of the Microsoft Teams PowerShell module on the 9 December.
Using Azure Service principal to run PowerShell script on Azure SQL server (Managed instance)
Azure service principals (or App regs.) is nice secure way to connect to fx. a Azure SQL manage instance and then perform querys using PowerShell. This is an ideal alternativ to using a local Service Account. The upside to this is that you can authenticate with a secret or with a certificate that you create for yourself or the machine you are running your script(s) from.
Assign Azure SQL database permissions to AAD group
Intro
When you create an Azure SQL database (DB) right of the bat, you will be faced with the need to assign permission in the database to users or security groups. Normally on an on-premises SQL DB it’s no problem and can be done using the GUI in SSMS. But for an Azure SQL DB, there is no GUI to assign permissions, you will need to use SQL queries to assign permissions to users or groups. Let me show you how to assign SQL DB permissions to a AAD security group.
How to create a Azure SQL server and a Database
So I was asked today to provide my good friend and colleague Martin Bengtsson with an Azure SQL Database (DB) for project regarding reporting from Config manager using Power BI.
First thing first, you cannot just create a SQL DB azure, you need to have a SQL server – As-a-Service. Then you can create all the databases you need.
Add custom domain to Azure App Service
I got a call last night from our in-house developer, he had created a website, to be used the following morning, and he needed to get a Custom domain name setup.
Here is how to setup a Custom Domain name for your Azure App Service