Building Event-Driven Automations in Microsoft 365 Using Graph Subscriptions

Building Event-Driven Automations in Microsoft 365 Using Graph Subscriptions

Comments 0 Comment

Objective

This post demonstrates how to use Microsoft Graph Subscriptions to create event-driven automation in Microsoft 365. Graph Subscriptions allow applications to receive real-time notifications when specific changes occur within Microsoft 365 resources such as users, groups, or mailboxes, without the need for constant polling. By subscribing to these change events, we can build responsive workflows that automatically react to updates like group membership changes and trigger downstream actions in Azure Functions or Automation Accounts.

In this article, I will create a Microsoft Graph Subscription that listens for changes to a specific group’s membership. When a user is added or removed, it triggers an Azure Function that identifies the user, looks them up in Microsoft 365, and then adds or removes them from the Proofpoint portal accordingly.

A subscription lifespan is dependent on the resource with some as short as 1 hour. Refer to the subscription lifetime documentation for more

Continue...
Auto Deploy Progressive Web Applications (PWA) using Intune or PowerShell

Auto Deploy Progressive Web Applications (PWA) using Intune or PowerShell

Comments 2 comments

Objective

In this article I will walk you through installing progressive web app’s, or PWA’s to endpoint machines using either PowerShell or Microsoft Intune. You may want to do this for users with frontline licenses that grant them web apps but not full desktop application’s.

What are Progressive Web Applications?

Progressive Web Apps (PWAs) are web applications that use modern web technologies to deliver an app-like experience to users, but without requiring them to install a traditional app from an app store. Think of them as a blend between websites and mobile/desktop apps.

Resolution

Below, I will walk you through installing PWA’s on end user machines silently, without user interaction.

Intune

The intune configuration policy follows the WebAppInstallForceList. You can currently define default_launch_container, create_desktop_shortcut, fallback_app_name, custom_name, custom_icon and install_as_shortcut. The site goes into detail what each setting configures.

Note: Currently there are … Continue...

Detect Modified SharePoint List Items and Retrieve Old Values in Sharepoint Using Logic Apps

Detect Modified SharePoint List Items and Retrieve Old Values in Sharepoint Using Logic Apps

Comments 0 Comment

Overview

I currently have a SharePoint list with an identity (person or group) column called “Owners,” where I can search for employees and add them to a list item. I then want to e-mail newly added people that they have been added to a list item so they can go and review the details of it.

While SharePoint does have an ‘automate’ feature where you can detect a list item’s column is modified, the only option is to send an email to all the people that are currently in that column. So, if you add a new person, it will re-email everyone who is already there. The other issue is that the e-mail says (below) is non-descript, so your users will be confused about why they are getting it.

Logic Apps does have a trigger that is “When an item is modified,” but its output is the current … Continue...

Automating Code Compliance: AI-Driven Code Style Enforcement for Pull Requests

Automating Code Compliance: AI-Driven Code Style Enforcement for Pull Requests

Comments 0 Comment

Overview

As teams increasingly rely on automation for code quality and compliance, ensuring consistent coding standards can be challenging during the pull request (PR) process. In this article, we explore how to build an AI-powered style enforcement pipeline using modern tools like GPT-4 and CI/CD workflows.

You’ll learn how to:

  • Enforce best practices and team-specific coding guidelines without manual intervention.
  • Integrate automated code reviews into your PR pipelines.
  • Leverage AI to detect style violations, generate actionable reports, and even suggest fixes.

With this in place, you can lower the amount of time code reviews take your engineers, and even have the Pull Request be rejected until the resolutions are addressed and marked as complete.

How It Works

  • We will set up a Pipeline that will be triggered upon a new Pull Request in the repository.
  • If there are modified PowerShell files (ex: .ps1, .psm1, .psd1)
  • Then, import
Continue...
Automated Deployment of a Zero Trust Azure Automation Environment

Automated Deployment of a Zero Trust Azure Automation Environment

Comments 0 Comment

Overview

A common and recommended security practice is only allowing access to an Azure Storage Account via a whitelisted IP address. While this is generally a good idea, a problem arises when you need an Azure Automation Account to access one of these Storage Accounts. Currently, even if you whitelist an entire Azure region, your automation runbook will fail to connect to your Storage Account. Instead, you must use an Azure Private Link to connect Azure Automation to your PaaS Azure Resources securely, but “in the current implementation of Private Link, Automation account cloud jobs cannot access Azure resources that are secured using private endpoint. For example, Azure Key Vault, Azure SQL, Azure Storage account, etc. To workaround this, use a Hybrid Runbook Worker instead. Hence, on-premises VMs are supported to run Hybrid Runbook Workers against an Automation Account with Private Link enabled.” 1

This configuration isn’t as simple as … Continue...

Automatically Detect and Prevent Secrets Leaked into Code within Azure DevOps

Automatically Detect and Prevent Secrets Leaked into Code within Azure DevOps

Comments 0 Comment

Objective

Security vulnerabilities introduced by hardcoded secrets, passwords, or tokens in your source code can significantly compromise the safety of your application and/or infrastructure. A single API key or database connection string committed to a repository can be a gateway for attackers. But how do you ensure sensitive information never enters your codebase? The answer lies in automation.

In this blog post, you’ll learn how to automate secret detection in Azure DevOps using Gitleaks. We’ll set up a pipeline that listens for pull requests (PRs), fetches the latest code changes, and scans them for leaks — failing the PR if any secrets are found.

Why Do We Need Secret Detection

According to GitGuardian’s 2024 report, “State of Secrets Sprawl”, nearly 13 million new secrets were discovered in public GitHub commits, marking a 28% increase. Out of the 1.1 billion commits scanned, more than 1 in … Continue...

Leveraging OpenAI to Enhance Pull Request Management in Azure DevOps

Leveraging OpenAI to Enhance Pull Request Management in Azure DevOps

Comments 0 Comment

Objective

Our goal is to create an automation that significantly enhances the efficiency of our development process. A service hook is triggered when a new Pull Request is created in Azure DevOps, sending a webhook to an Azure Function. This function analyzes the request body, gets all commits in the Pull Request, and sends it to Open AI’s API, which generates a Pull Request message detailing all of the proposed changes from the commits and writes it back to the Azure DevOps Pull Request.

The diagram below gives a high-level overview of how automation works from start to finish.

OpenAI

Generate a new API Key

The first step is to obtain an OpenAI API key to interact with the API. To do so, go to the following website.

Once you have signed in, click + Create new secret key

Give it a descriptive name, and for permissions, in my … Continue...

Automate Azure DevOps Work Item Updates with Azure Functions and the Azure DevOps API

Automate Azure DevOps Work Item Updates with Azure Functions and the Azure DevOps API

Comments 0 Comment

Objective

I use Azure DevOps Boards for agile project management, allowing me to plan, track, and discuss automation and DevOps tasks. I also create reporting dashboards from the data within the work items. One such metric I report on is how much time we save when implementing a new automation. To do this, I have a field called “Estimated Manual Time (min)” and “Annual Occurrences“. The first field is how long it takes someone to do the task manual right now, and the second field is how many times per year this certain task is done. The last field is “Time Saved Annually (hours),” which takes the first field, multiply it by the second field, and then divides that number by 60.

In this article, I will show you how I automated the “Time Saved Annually (hours)” value whenever a new work … Continue...

How The ConnectWise Manage API Handles Pagination with PowerShell

How The ConnectWise Manage API Handles Pagination with PowerShell

Comments 3 comments

If you have ever worked with the Microsoft Graph API, you may be familiar with how it handles pagination, which is returning an @odata.nextLink property in the response containing a URL to the following results page. 

I was initially confused when I started working with the ConnectWise PSA API. Although I could specify a pageSize and page parameter, there never seemed to be an indication of where to go for the next page of results. This write-up will show you several ways to do pagination within the API and how to form your headers and requests for each type.

The documentation for pagination from Connectwise can be found here.

Query Parameters

The first item to discuss is query parameters. Query parameters are key-value pairs that filter, sort, or paginate data an API returns. Below is a table of the query parameters we will use when paginating data and what … Continue...

Upload a file to Connectwise and Attach it to a Service Ticket with PowerShell

Upload a file to Connectwise and Attach it to a Service Ticket with PowerShell

Comments 4 comments

I have recently been automating a lot within Connectwise PSA. One of the items I set out to do is to upload a file and attach it to a service ticket. This led me to the following article, but after doing some testing, I found that some file types were not properly rendering on the Connectwise side, making me believe there was something wrong with the encoding.

I could upload a .txt file without issues, but I also tried with a .docx and a .pdf, and the file would be corrupted or blank.

The process to upload a file and then link it to a service ticket is first to upload the file to the endpoint /system/documents and then, from there, link the uploaded document to an existing service ticket.

Multipart/Form-Data

The first thing to know about how Connectwise wants a document uploaded is that it uses what is … Continue...