Automatically Schedule Microsoft Teams Do Not Disturb Presence Based on Outlook Calendar Events

Automatically Schedule Microsoft Teams Do Not Disturb Presence Based on Outlook Calendar Events

Comments 1 comment

In this article I will be showing you how you can automatically have Microsoft Teams set its presence to Do Not Disturb, or any other presence, based on events in your Outlook Calendar. I also looked into leveraging Power Automate but it began to require premium connectors and at that cost, going the serverless automation route was much cheaper.

An overview of this automation is as follows:

  1. Run on a set schedule.
  2. Get all users within the tenant, if the user does not have a mailbox, proceed to the next user, if the user does have a mailbox proceed to the next step.
  3. Get the users events that will occur within the next 1 hour (configurable value)
  4. See if there is an event that matches what we are looking for. In my instance, if an event title/subject is “DND” (not case-sensitive) then proceed to the next step, otherwise go to
Continue...
Automated Alerts on Azure (Entra ID) Application Secret Expirations

Automated Alerts on Azure (Entra ID) Application Secret Expirations

Comments 43 comments

Monitoring Azure AD (Entra ID now) application secret expirations in an enterprise is a critical aspect of maintaining robust security and ensuring uninterrupted service. When application secrets expire without timely renewal, it can disrupt business operations by causing application failures. Proactive management of application secret expirations helps enterprises avoid last-minute issues, enabling a more secure and efficient operational environment.

During my brief research in finding an automated approach to monitoring application secret expirations, I found multiple write-ups and articles but many only showed the code on how to get the expiration property without walking through setting up the automation itself. Another issue was not converting the default UTC time to local time to get more accurate expiration datetimes, and also dealing with applications with multiple secrets that expire at different times.

This article will walk one through the code’s logic, including converting time and dealing with multiple values, and creating … Continue...

The Microsoft Graph Command-Line Interface (CLI)

The Microsoft Graph Command-Line Interface (CLI)

Comments 2 comments

On November 22nd, Microsoft announced that the Microsoft Graph CLI was now generally available at version 1.0.0. The command-line tool provides convenient methods to access Microsoft Graph API capabilities on any operating system and any shell. The CLI uses the Microsoft Graph v1.0 endpoint. Microsoft does provide a Beta CLI that interacts with the Microsoft Graph Beta endpoint.

The CLI not only allows you to get objects but update, create and delete objects using the Microsoft Graph REST API.

Download the CLI

MacOS

Download the CLI from here.

  • If you have an ARM based Mac (M1, M2, etc) computer, download the msgraph-beta-cli-osx-arm64... package.
  • If you have an Intel processor, download the msgraph-beta-cli-osx-x64... package.

Extract the files to a directory you can reference later. For my purposes, I created a folder called, ‘MSGraph CLI’ in my Home Directory.

Next, we will update PATH permanently by editing your shell profile (… Continue...

Microsoft Graph API Endpoint Adds Last Successful Sign-In Date Time

Microsoft Graph API Endpoint Adds Last Successful Sign-In Date Time

Comments 4 comments

Previously, if you wanted to find a user’s last successful sign-in to your Microsoft 365 tenant using the Microsoft Graph REST API, you would have to iterate through Entra ID sign-in logs. With new recent additions to the Microsoft Graph API Beta Endpoint, you can now return the UTC value just by parsing the user details and properties. The Microsoft documentation regarding the signInActivity resource type can be found here.

LastSignInDateTime vs LastSuccessfulSignInDateTime

The difference between lastSignInDateTime and lastSuccessfulSignInDateTime property is:

  • lastSignInDateTime: The last interactive sign-in date and time for a specific user. You can use this field to calculate the last time a user attempted to sign into the directory the directory with an interactive authentication method. This field can be used to build reports, such as inactive users. The timestamp represents date and time information using ISO 8601 format and is always in UTC time. For
Continue...
Getting Started with the IntuneCLI, an Automated Intune Management Solution

Getting Started with the IntuneCLI, an Automated Intune Management Solution

Comments 1 comment

Disclaimer: The IntuneAssistant is an ongoing project that is in development. The document below may be outdated in newer versions. The developer is very active on GitHub if you run into any issues. You should reference the GitHub Project: https://github.com/srozemuller/IntuneAssistant

I would also recommend checking out their blog at: Sander Rozemuller | All about Identity, AVD, Automation, DevOps, Monitoring, Intune and Security

Obtaining the IntuneAssistant

Manual

The first thing we need to do, is to download the CLI binary which can be found here. In my case, I am running a M1 Pro Mac so I will grab the MacOS ARM binary. I then placed it in a folder called “Dev” in the root of my Home directory.

Make the Binary Executable

The next step in the process is to make the binary executable. This is something that you do not have to do on a Windows machine, … Continue...

Centrally Manage Company Contacts and Deploy to Built-In Contacts App Using Intune, SharePoint, PowerShell and Graph API.

Centrally Manage Company Contacts and Deploy to Built-In Contacts App Using Intune, SharePoint, PowerShell and Graph API.

Comments 14 comments

I recently met with a company that was looking for a better way to get contacts to their employee’s work phones. Currently, they are sending a .vcf file and then having the employees manually save the contacts. While this works, the problem is if you need to send a new contact, you now need to send a new .vcf file to every employee and instruct them on how to save it. Similarly, if you ever need to remove a contact, you need to instruct your employees to manually delete that contact.

One of the first things I thought about, is creating an App Configuration Policy to force Outlook to sync contacts to native apps. Most of the contacts I need to sync to the phone were employees of the company so I figured it would sync from the Global Address List and then maybe I could create contacts in … Continue...

Windows LAPS Management, Configuration and Troubleshooting Using Microsoft Intune

Windows LAPS Management, Configuration and Troubleshooting Using Microsoft Intune

Comments 39 comments

Windows Local Administrator Password Solution (Windows LAPS) is a Windows Feature that allows IT Administrators to secure and protect local administrator passwords. This includes automatic rotation of passwords as well as backing up the passwords to Azure Active Directory or Active Directory. You can configure Windows LAPS on your Windows endpoints using Microsoft Intune.

Pre-requisites

To use Windows LAPS in Intune, ensure you’re using a supported Windows platform:

You might also have to enable Azure AD Local Administrator Password Solution (LAPS) within your Azure Tenant.

  • Azure Active Directory > Devices > Device Settings > Azure AD Local Administrator Password Solution (LAPS)
    Note: You may not have to do this once the product is
Continue...
Modern Active Directory – An update to PSHTML-AD-Report

Modern Active Directory – An update to PSHTML-AD-Report

Comments 30 comments

This is a guest blog by Mehdi Dakhama, you can check out his blog here. He has transformed and improved upon PSHTML AD Report.

About

This document presents the Modern Active Directory project, which aims to bring a more modern view on your Active Directory, whether to view key indicators or to perform advanced searches in a simple way.

With this PowerShell module that accesses your Active Directory in read-only mode, you can view and query your directory from a Web page. This directory status is generated on demand by executing a command or automatically so that you receive a daily report by e-mail.

Current Reporting and Limitations

Default console limits

By default, two consoles (DSA and DSAC) are proposed to administer the DA. These consoles have not evolved for several years and they are limited in terms of functionality. Moreover, the installation of these consoles requires administrator … Continue...

Set-ADUser: Dealing with Null Values when Importing a CSV; Working with Parameters and Properties that don’t Accept Empty Strings

Set-ADUser: Dealing with Null Values when Importing a CSV; Working with Parameters and Properties that don’t Accept Empty Strings

Comments 4 comments

Recently, I set out on populating a test Active Directory environment from a production environment. This included populating Active Directory Users and Computers with my users from production. I figured I could quickly export my users from production to a CSV file, include any properties I wanted to import over to the test environment, and then create the new users based on the CSV file using New-ADUser and Set-ADUser respectably. Quickly, I realized that I had a problem. I couldn’t just import the CSV file and have it iterate through each user because some parameters do not accept null values, meaning if I am calling the parameter, it wants a value, no exceptions. This is the same for LDAP properties as well that use the Replace parameter.

The Instance Parameter

The first possible fix I found, was the use of the Instance parameter. The Instance parameter will change properties of … Continue...

Migrate your Runbooks in Azure Automation to Managed Identities

Migrate your Runbooks in Azure Automation to Managed Identities

Comments 2 comments

Microsoft has recently announced that on September 30th, 2023, Azure Automation RunAs accounts, including Classic Run As accounts, will be retired so you will need to migrate your runbooks to managed identities for authentication. Managed Identities provide the same functionality as a RunAs accounts, plus:

  • Secure authentication to any Azure service that supports Azure Active Directory (Azure AD) authentication.
  • Minimized management overhead with easy access to resources.
  • Simplified runbooks with no requirement to use multi-line code.

Review your Automation Accounts

The first item that must be done, is to review your Automation Accounts within Azure to see which one, if any, are using RunAs or Classic RunAs Accounts. In Azure go to Automation Accounts. In the screenshot below we can see that I have a total of four (4) different automation accounts that span three (3) resource groups, and two (2) Azure subscriptions.

If I click an Automation Account and … Continue...