Hi All, The Microsoft.Graph Modules are updated very often. It annoyed me to update these Modules on my Azure Automation Account. I have now written an Azure Automation Runbook to automate the Update of the Microsoft.Graph Modules. It uses Managed Identity and updates the PowerShell 5.1 and 7.1 Modules.
As mentioned the Azure Automation Account has a system assigned Service Principal
That Service Principal needs Contributor Permissions on the Azure Automation Account
Hi All, A few days ago, I was very enthusiastic, because I found some new Logs in Azure Active Directory Diagnostic Settings:
EnrichedOffice365AuditLogs
MicrosoftGraphActivityLogs
I've enabled all those logs.
But I could not see any new Tables in the Log Analytics Workspace.
So I googled around and found out that you can enable those logs, but the Tables are not created unless you were in the Preview :(
Integrate Azure AD logs with Azure Monitor logs
Hi All, Just a few Hours ago, a new Version of the AZ PowerShell Module has been released to PowerShell Gallery.
Az 9.5.0
https://www.powershellgallery.com/packages/az/9.5.0
Release Notes
https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps
Show Installed AZ Module and what's available in the PowerShell Gallery
Get-InstalledModule AZ
Find-Module AZ
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
The AZ Module is just a Wrapper Module for all AZ* Modules
Get-InstalledModule AZ*
Regards Andres Bohren
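An added example (not from the original post): a variant of the GitHub one-liner above that saves the script to disk and checks its SHA256 against a value recorded after review before running it, since a URL on the `main` branch can serve different content at any time. `$ExpectedSha256` is a placeholder and `Test-FileSha256` is a hypothetical helper name.

```powershell
# Added example: download, verify, then run, instead of Invoke-Expression on the response body.
$Uri            = 'https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1'
# Placeholder: record this value yourself after reading the script you intend to trust.
$ExpectedSha256 = '<SHA256-OF-THE-REVIEWED-SCRIPT>'
$LocalPath      = Join-Path ([System.IO.Path]::GetTempPath()) 'Cleanup-AZModules.ps1'

function Test-FileSha256 {
    # Hypothetical helper: returns $true only if the file's SHA256 equals the expected hex digest.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected
    )
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    # Hex digests are compared case-insensitively.
    return [string]::Equals($actual, $Expected, [System.StringComparison]::OrdinalIgnoreCase)
}

# Save to a file so the bytes that are hashed are the bytes that are executed.
Invoke-WebRequest -Uri $Uri -OutFile $LocalPath -UseBasicParsing

if (-not (Test-FileSha256 -Path $LocalPath -Expected $ExpectedSha256)) {
    Remove-Item -Path $LocalPath -Force
    throw "Hash mismatch for $Uri; refusing to run the downloaded script."
}

# Runs only after the hash matched; still subject to the local execution policy.
& $LocalPath
```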
Hi All,
I wanted to monitor the Performance of my Blog. I’ve added Application Insights to my Azure Subscription and under “Availability” I have added a “Classic test”.
MS Learn: Monitor availability with URL ping tests
URL ping test:
Add the URL, the Regions where you want to test from, the Response Code and Timeout. In my case I don’t need an Alert.
After a few days you can see now the Availability is at 100%
Hi All, Did you notice that you can download Conditional Access Templates? The Templates are documented in the Conditional Access Documentation below
Conditional Access templates (Preview)
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common
In Conditional Access Management select "New policy from template"
Now you have a different range of Policies and can download the JSON
Back in Conditional Access select "Upload policy file"
Select your JSON File and choose between "Off", "On", "Report only"
After that your Policy is created
Hi All, Today i had an interesting case with AzureAD Connect Synchronization from Active Directory to Azure Active Directory. The Customer is in the middle of a reorganization and was changing the Domain.
I've added the new UPN to the UPN Suffixes in Azure AD (domain.msc > Properties).
We added the new Domain to the M365 Tenant.
Then I've changed the UPN Suffix of a Testuser.
But the UPN did not change in AzureAD after the AAD Connect Sync Cycle.
Hi All, Yesterday the new Version of the AZ PowerShell Module 9.4.0 has been released to PowerShell Gallery.
Az 9.4.0
https://www.powershellgallery.com/packages/AZ/9.4.0
Azure PowerShell release notes
https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps?view=azps-9.4.0
Show Installed AZ Module and what's available in the PowerShell Gallery
Get-InstalledModule AZ
Find-Module AZ
To uninstall all the old Modules and install the new Modules I have written a PowerShell Script that is published at my GitHub Repo.
#Run Script directly from GitHub
Hi All, While checking the Devices in my M365 Tenant I stumbled over the Stale Devices.
The List shows Devices that have an activity more than 6 Months ago
Let's check if we can get that Information with Microsoft.Graph PowerShell
Connect-MgGraph -Scopes Directory.ReadWrite.All, Directory.AccessAsUser.All
Get-MgDevice
Now we need to get the Devices that are older than six Months
$Devices = Get-MgDevice
$Devices | where {$_.ApproximateLastSignInDateTime -lt (Get-Date).AddMonths(-6)}
We can format that a little better
$Devices | where {$_.
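An added example, not part of the original post: the six-month filter as a function that reports devices with no recorded sign-in separately from stale ones and emits a compact table. The sample devices are constructed, `Get-StaleDevice` is a hypothetical name, and the commented connection lines assume the read-only `Device.Read.All` scope is enough for listing devices.

```powershell
# Added example. Against a tenant, replace $Sample with real data (assumed scope and paging):
#   Connect-MgGraph -Scopes Device.Read.All
#   $Devices = Get-MgDevice -All
function Get-StaleDevice {
    param(
        [Parameter(Mandatory)][object[]]$Devices,
        [int]$Months = 6,
        [datetime]$Now = (Get-Date)
    )
    $cutoff = $Now.AddMonths(-$Months)
    foreach ($d in $Devices) {
        $last = $d.ApproximateLastSignInDateTime
        # Handle a missing timestamp explicitly instead of relying on null comparison rules.
        if ($null -eq $last)       { $state = 'NeverSignedIn' }
        elseif ($last -lt $cutoff) { $state = 'Stale' }
        else                       { continue }   # recently active, not reported
        [pscustomobject]@{
            DisplayName    = $d.DisplayName
            DeviceId       = $d.DeviceId
            AccountEnabled = $d.AccountEnabled
            LastSignIn     = $last
            State          = $state
        }
    }
}

# Constructed sample objects carrying only the properties the function reads.
$Sample = @(
    [pscustomobject]@{ DisplayName = 'LAPTOP-01'; DeviceId = '00000000-0000-0000-0000-000000000001'
                       AccountEnabled = $true;  ApproximateLastSignInDateTime = (Get-Date).AddDays(-3) }
    [pscustomobject]@{ DisplayName = 'LAPTOP-02'; DeviceId = '00000000-0000-0000-0000-000000000002'
                       AccountEnabled = $true;  ApproximateLastSignInDateTime = (Get-Date).AddMonths(-9) }
    [pscustomobject]@{ DisplayName = 'PHONE-03';  DeviceId = '00000000-0000-0000-0000-000000000003'
                       AccountEnabled = $false; ApproximateLastSignInDateTime = $null }
)

# LAPTOP-02 is reported as Stale, PHONE-03 as NeverSignedIn, LAPTOP-01 is skipped.
Get-StaleDevice -Devices $Sample | Sort-Object LastSignIn | Format-Table -AutoSize
```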
Hi All, I had the "pleasure" again this week to Document the Azure AD Policies. Making several Screenshots in the Azure AD Portal seemed not the best way.
MSGraph: List Conditional Access policies
https://learn.microsoft.com/en-us/graph/api/conditionalaccessroot-list-policies?view=graph-rest-1.0&tabs=http
So I tried to use the Microsoft Graph Explorer https://aka.ms/ge
You need the Permission: Policy.Read.All
https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies
While using the JSON could be one way, it's not very good if you have to Document it in a Word Document, right?
Hi All, I recently had a case where I needed to access the AzureAD Signin Logs with PowerShell.
I've started at the Azure AD Signin Logs and filtered by UPN
https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/SignIns
Next step was Graph Explorer where I found the needed Permissions
###############################################################################
# Graph Explorer
###############################################################################
#Go to https://aka.ms/ge
https://graph.microsoft.com/v1.0/auditLogs/signIns
https://graph.microsoft.com/v1.0/auditLogs/signIns?&$filter=startsWith(userPrincipalName,'a.bohren@icewolf.ch')
Let's connect with these Permissions (they need Admin Consent and I already have that)
#Import-Module and Connect to Microsoft Graph