Due to COVID-19 and social distancing, I have found myself camping a lot more than in previous years. One problem that has brought with it is the high probability of being somewhere with no cell phone data service or poor cell phone data. Couple with my incredibly poor memory, I have often forgotten to turn off servers to save on cost in my dev or test environment until I’m out in the woods. Also, I wanted the ability to use Google Voice as well as Siri in my car or even at home, to turn off, turn on, or check the status of my servers in my Azure tenants. This has even come in handy when I didn’t have my phone on me and had to use the wife’s phone to turn on or off some servers in my tenant. (I set it to only accept messages from my phone … Continue...
In this article, I will be showing you how to create an Azure DevOps CI/CD (continuous integration / continuous deployment) Pipeline that will deploy and manage an Azure environment using Terraform. Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently.
Configuration files (In our case, it will be named ‘Main.tf’) describe to Terraform how you want your environment constructed. “Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. As the configuration changes, Terraform can determine what changed and create incremental execution plans which can be applied.”1
By creating an entire CI/CD pipeline, we can automate our infrastructure-as-code (IaC) deployment. When we have made a change to our Terraform code (adding something, removing something, changing something), the Pipeline will automatically log in to our Azure environment, add any new … Continue...
Hybrid Azure AD join requires devices to have access to the following Microsoft resources from inside your organization’s network. These addresses must be accessed using the SYSTEM context. If you are using Auto Pilot this will be accessed during the enrollment status part:
https://autologon.microsoftazuread-sso.com(If you use or plan to use seamless SSO)
To verify if the device is able to access the above Microsoft resources under the system account, you can use Test Device Registration Connectivity script.
Review AD DS UPN support for Hybrid Azure AD join
The table below provides details on support for on-premises AD UPNs in Windows 10 Hybrid Azure AD join
|Type of on-premises AD UPN||Domain type||Windows 10 version||Description|
|Routable||Federated||From 1703 release||Generally available|
|Non-routable||Federated||From 1803 release||Generally available|
|Routable||Managed||From 1803 release||Generally available, Azure AD SSPR on Windows lockscreen is not|
I found this fantastic PowerShell module from jseerden that queries Microsoft Graph, and allows for cross-tenant Backup & Restore of your Intune Configuration. The Intune Configuration is backed up as JSON files in a given directory. The module allows an administrator to backup, restore and even compare different Intune backup sets.
The module requires a total of 3 modules to be present, you can install them by running the following commands in an administrative PowerShell prompt:
- AzureAD (
Install-Module -Name AzureAD)
- MSGraphFunction (
Install-Module -Name MSGraphFunctions)
The IntuneBackupandRestore PowerShell module is hosted on the PowerShell Gallery. You can install it by running the following command in an administrative PowerShell prompt:
Install-Module -Name IntuneBackupAndRestore
Connect to Microsoft Graph
Next, we will connect to Microsoft Graph using the “Microsoft Intune PowerShell” application in AzureAD, so you don’t need to create your own … Continue...
Email address policies (EAP) define the rules that create email addresses for recipients. By setting up policies you can guarantee your users will have certain email address that follow the rules you have set in place. Unfortunately, in Office 365 Exchange Online there are no email address policies you can set for your users. In a larger organization where multiple people may be creating and editing users in Exchange Online, it’s possible that not all your users are following the address scheme you or your company has implemented. In this article I will leverage PowerShell and Azure RunBooks to make sure all of my users adhere to my companies EAP.
Setting up the Azure Automation Resources
In the next section I will go over what Azure resources we will be creating and what each one is responsible for. You can skip ahead to the configuration script below which will create … Continue...
I recently found myself needing to build out an on premise Active Directory environment and populate it from objects found in Office 365 (AzureAD). The local Active Directory would then be configured as the identity source and would sync up to AzureAD using Azure AD Connect. Unfortunately, Azure AD Connect is currently a one way sync from your on premise Active Directory Domain Services environment to AzureAD and wont sync objects down. AADConnect does have the ability to match our AzureAD objects to their corresponding Active Directory objects but, if an attribute like City, Phone Number, Department, Title, etc. is present in your existing AzureAD and not in ADDS, the attribute may remain in AzureAD but not replicate down to ADDS. So we will want to copy over as many attributes from AzureAD to our local Active Directory as possible in preparation for the Azure AD Connect sync. We will … Continue...