In this article, I will be showing you how to create an Azure DevOps CI/CD (continuous integration / continuous deployment) Pipeline that will deploy and manage an Azure environment using Terraform. Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently.
Configuration files (In our case, it will be named ‘Main.tf’) describe to Terraform how you want your environment constructed. “Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. As the configuration changes, Terraform can determine what changed and create incremental execution plans which can be applied.”1
By creating an entire CI/CD pipeline, we can automate our infrastructure-as-code (IaC) deployment. When we have made a change to our Terraform code (adding something, removing something, changing something), the Pipeline will automatically log in to our Azure environment, add any new … Continue...
Recently, I have been doing a lot of Microsoft Intune deployments and write up’s. One of the most time-consuming tasks with Intune is the application portion, where you package applications up to deploy to your end-user machines. Currently, if the application is bundled as an executable (exe), the steps to get it into Intune is as follows:
- Grab the installation executable
- Find the install switches – most common one is the silent switch, but some applications may have other switches you will need as well
- Find the install directory or registry key to tell Intune if it installed correctly or not
- Find the uninstall executable and any switches it has as well
- Wrap the executable in an ‘INTUNEWIN’ format
- Import file into Intune
- Configure the application with the install and uninstall switches as well as the directory it creates to Intune knows if it installed correctly or not
This process … Continue...
Follow up: With windows 11 – this can be done by default in a couple steps: https://learn.microsoft.com/en-us/mem/autopilot/add-devices#diagnostics-page-hash-export
With Auto Pilot you need to import a machines Auto Pilot hash, or hardware ID, to register the device with the Windows Auto Pilot deployment service in Azure. Ideally, the process of getting the Auto Pilot hash would be performed by the OEM, or reseller from which the devices were purchased, but currently the list over participating resellers is small. The other option is to do it manually which requires you boot the device up, go through the out of box experience (OOBE), and then run a PowerShell script which will spit out the hash CSV for you to then import into Auto Pilot. This process can be time consuming if you have a batch of new machines, and once you get the hash for each device, you must reset it so during … Continue...
Intune is a great way to deploy applications to your managed devices, couple that with Auto Pilot and its a quick and easy way to deploy new end-user machines as well. With Intune you can deploy applications like MSI, Win32, Microsoft Store, etc. The application files are cached on your local machine via Intune, and then installed. But with applications that require multiple files, or even install directories, or large install files this may not be the best method. With multiple files you could put all your files and directories in one folder, create a PowerShell script to move the files and call the installer, and wrap it all up in a intunewin format (and then in the Intune install command, call powershell.exe to run your custom PowerShell script). OR you can stick it up in Azure Blob Storage, and create a PowerShell configuration script to download and install it. … Continue...
Hybrid Azure AD join requires devices to have access to the following Microsoft resources from inside your organization’s network. These addresses must be accessed using the SYSTEM context. If you are using Auto Pilot this will be accessed during the enrollment status part:
https://autologon.microsoftazuread-sso.com (If you use or plan to use seamless SSO)
To verify if the device is able to access the above Microsoft resources under the system account, you can use Test Device Registration Connectivity script.
Review AD DS UPN support for Hybrid Azure AD join
The table below provides details on support for on-premises AD UPNs in Windows 10 Hybrid Azure AD join
I found this fantastic PowerShell module from jseerden that queries Microsoft Graph, and allows for cross-tenant Backup & Restore of your Intune Configuration. The Intune Configuration is backed up as JSON files in a given directory. The module allows an administrator to backup, restore and even compare different Intune backup sets.
The module requires a total of 3 modules to be present, you can install them by running the following commands in an administrative PowerShell prompt:
- AzureAD (
Install-Module -Name AzureAD)
- MSGraphFunction (
Install-Module -Name MSGraphFunctions)
The IntuneBackupandRestore PowerShell module is hosted on the PowerShell Gallery. You can install it by running the following command in an administrative PowerShell prompt:
Install-Module -Name IntuneBackupAndRestore
Connect to Microsoft Graph
Next, we will connect to Microsoft Graph using the “Microsoft Intune PowerShell” application in AzureAD, so you don’t need to create your own … Continue...
Email address policies (EAP) define the rules that create email addresses for recipients. By setting up policies you can guarantee your users will have certain email address that follow the rules you have set in place. Unfortunately, in Office 365 Exchange Online there are no email address policies you can set for your users. In a larger organization where multiple people may be creating and editing users in Exchange Online, it’s possible that not all your users are following the address scheme you or your company has implemented. In this article I will leverage PowerShell and Azure RunBooks to make sure all of my users adhere to my companies EAP.
Setting up the Azure Automation Resources
In the next section I will go over what Azure resources we will be creating and what each one is responsible for. You can skip ahead to the configuration script below which will create … Continue...
I have written several articles on using PowerShell to send alerts and notifications to Microsoft Teams, but up until now they were set up using only the task scheduler. As more and more companies move to the cloud I wanted to see how I could do cloud infrastructure alerting as well. In this article I am using an Azure RunBook to connect to my Office 365 tenant, parse my licenses, and return any that need reconciliation. If you get your Office 365 licenses from a CSP or any other kind of reseller, you may get charged for all of your licenses, applied or not. So it’s a good thing to make sure you don’t have any extra ones lying around.
Set Up the Azure Environment
Resource Group, Runbook and Automation Account Creation
I created a script that you can just change the variables for and it will create the following … Continue...
PoshBot is a chat bot written in PowerShell and created by DevBlackOps. ‘It makes extensive use of classes introduced in PowerShell 5.0. PowerShell modules are loaded into PoshBot and instantly become available as bot commands.’1 PoshBot can do pretty much anything you configure it to do. You can have it create Azure servers, reset Active Directory passwords, create and modify help desk tickets, license Office 365 users, etc. ‘If you can write it in PowerShell, PoshBot can execute it.’1
Important: PoshBot has some great documentation, make sure you bookmark and review it.
In this guide I will walk you through setting up PoshBot for Microsoft Teams. It’s a little more tedious than Slack (which is a few commands) but once you get it going it works flawless. Keep an eye out as I will be publishing more articles on different PoshBot plugins that I create which … Continue...
By default, there is an Intune device configuration property that can set a devices wallpaper (Profile Type: Device Restrictions > Personalization) BUT this is only applicable on devices running Windows 10 Enterprise and Windows 10 Education. Luckily, using PowerShell we can download a image from the web, save it locally, and set it as our users wallpapers.
First we need to create our PowerShell script. In PowerShell ISE I created the following script and saved it to my local machine
$RegKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP"
$DesktopPath = "DesktopImagePath"
$DesktopStatus = "DesktopImageStatus"
$DesktopUrl = "DesktopImageUrl"
$StatusValue = "1"
$url = "https://www.thelazyadministrator.com/wp-content/uploads/2019/07/nicewall.jpg"
$DesktopImageValue = "C:\MDM\wallpaper_LazyAdmin.jpg"
$directory = "C:\MDM\"
If ((Test-Path -Path $directory) -eq $false)
New-Item -Path $directory -ItemType directory
$wc = New-Object System.Net.WebClient
if (!(Test-Path $RegKeyPath))
Write-Host "Creating registry path $($RegKeyPath)."
New-Item -Path $RegKeyPath -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $DesktopStatus -Value $StatusValue -PropertyType DWORD -Force |