Azure
Azure
Hi All,
A few days ago, i was very enthusiastic, because i found some new Logs in Azure Active Directory Diagnostic Settings
EnrichedOffice365AuditLogs
MicrosoftGraphActivityLogs
I've enabled all those logs
But i could not see any new Tables in the Log Analytics Workspace
So i googled around and found out, that you can enable those logs, but the Tables are not created unless you where in the Preview :(
Integrate Azure AD logs with Azure Monitor logs
https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics
Regards
Andres Bohren
Hi All,
Just a few Hours ago, a new Version of the AZ PowerShell Module has been released to PowerShell Gallery.
Az 9.5.0
https://www.powershellgallery.com/packages/az/9.5.0
Release Notes
https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps
Show Installed AZ Module and what's available in the PowerShell Gallery
Get-InstalledModule AZ
Find-Module AZ
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
The AZ Module is just a Wrapper Module for all AZ* Modules
Get-InstalledModule AZ*
Regards
Andres Bohren
Hi All,
I wanted to monitor the Performance of my Blog. I've added Application Insights to my Azure Subscription and under "Availablility" i have added a "Classic test"
Monitor availability with URL ping tests
https://learn.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability
URL Ping
Add the URL, the Regions where you want to test from, the Response Code and Timeout. In my case i don't need an Alert.
After a few days you can se now the Availability is at 100%
The Average response Time is about 500 ms in Europe less than 300 ms.
You can view the Logs in LogAnalytics Workspace
availabilityResults
| where timestamp > datetime("2023-03-07T20:17:00.000Z") and timestamp < datetime("2023-03-08T20:17:00.000Z")
| where true
| where name...
Hi All,
Did you notice that you can download Conditional Access Templates. The Templates are documented in the Conditional Access Doumentation below
Conditional Access templates (Preview)
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common
In Conditional Access Management select "New policy from template"
Now you have a diffrent range of Policys and can download the JSON
Back in Conditional Access select "Upload policy file"
Select your JSON File and choose between "Off", "On", "Report only"
After that your Policy is created
And you can view the details and adopt to your environement. Make sure you don't lock yourself out!
Also Check out the CA Export to HTML
https://github.com/BohrenAn/CA-Export
Regards
Andres Bohren
Hi All,
Today i had an interesting case with AzureAD Connect Synchronization from Active Directory to Azure Active Directory.
The Customer is in the middle of a reorganization and was changing the Domain.
I've added the new UPN to the UPN Suffixes in Azure AD (domain.msc > Properties)
We addet the new Domain to the M365 Tenant
Then i've changed the UPN Suffix of a Testuser. But the UPN did not change in AzureAD after the AAD Connect Sync Cycle.
I've never experienced that. And in my Tenant it works finde.
After a while Googling i found out, that this Feature can be configured with the MSOnline...
Hi All,
Yesterday the new Version of the AZ PowerShell Module 9.4.0 has been released to PowerShell Gallery.
Az 9.4.0
https://www.powershellgallery.com/packages/AZ/9.4.0
Azure PowerShell release notes
https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps?view=azps-9.4.0
Show Installed AZ Module and what's available in the PowerShell Gallery
Get-InstalledModule AZ
Find-Module AZ
To uninstall all the old Modules and install the new Modules i have written a PowerShell Script that is published at my GitHub Repo.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
The AZ Module is just a Wrapper Module for all AZ* Modules
Get-InstalledModule AZ*
Regards
Andres Bohren
Hi All,
While checking the Devices in my M365 Tenant i was stumbled over the Stale Devices.
The List shows Devices that have an acivity more than 6 Months ago
Let's check if we can get that Information with Microsoft.Graph PowerShell
Connect-MgGraph -Scopes Directory.ReadWrite.All, Directory.AccessAsUser.All
Get-MgDevice
Now we need to get the Devices that are older than six Months
$Devices = Get-MgDevice
$Devices | where {$_.ApproximateLastSignInDateTime -lt (Get-Date).AddMonths(-6)}
We can format that a little better
$Devices | where {$_.ApproximateLastSignInDateTime -lt (Get-Date).AddMonths(-6)} | ft DisplayName,AccountEnabled,OperatingSystem,OperatingSystemVersion,ProfileType,IsManaged,IsCompliant,OnPremisesSyncEnabled,ApproximateLastSignInDateTime
Let's remove these Devices
$StaleDevices = $Devices | where {$_.ApproximateLastSignInDateTime -lt (Get-Date).AddMonths(-6)}
Foreach ($StaleDevice in $StaleDevices)
{
Write-Host "DisplayName: $($StaleDevice.DisplayName) ApproximateLastSignInDateTime: $($StaleDevice.ApproximateLastSignInDateTime)"
$DeviceId = $StaleDevice.Id
Write-Host "Delete Id: $DeviceId" -ForegroundColor...
Hi All,
I had the "pleasure" again this week to Document the Azure AD Policies.
Making several Screenshots in the Azure AD Portal seemed not the best way.
MSGraph: List Conditional Access policies
https://learn.microsoft.com/en-us/graph/api/conditionalaccessroot-list-policies?view=graph-rest-1.0&tabs=http
So tried to use the Microsoft Graph Explorer https://aka.ms/ge
You need the Permission: Policy.Read.All
https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies
While using the JSON could be one way. It's not very good if you have to Document it in a Word Document right.
I tried to use the Microsoft.Graph PowerShell Module
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes Policy.Read.All
$CAP = Get-MgIdentityConditionalAccessPolicy
$CAP
As you can see the Conditions, GrantControls and SessionControls are dedicated Objects
$CAP[1] | fl
If we dig down the Conditions more Objects appear
$CAP[1].Conditions | fl
And...
Hi All,
I recently had a case where i needed to access the AzureAD Signin Logs with PowerShell.
I've started at the Azure AD Signin Logs and filtered by UPN
https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/SignIns
Next step was Graph Explorer where i found the needed Permissions
###############################################################################
# Graph Explorer
###############################################################################
#Go to https://aka.ms/ge
https://graph.microsoft.com/v1.0/auditLogs/signIns
https://graph.microsoft.com/v1.0/auditLogs/signIns?&$filter=startsWith(userPrincipalName,'a.bohren@icewolf.ch')
Let's connect with these Permissions (they need Admin Consent and i already have that)
#Import-Module and Connect to Microsoft Graph
Import-Module Microsoft.Graph.Reports
Connect-MgGraph -Scope AuditLog.Read.All,Directory.Read.All
By default you only get 1000 Rows
#Get Signins
$Signins = Get-MgAuditLogSignIn
$Signins.Count
Let's check the Details of one Record
#Show Details of one Record
$Signins[0] | fl
Do we have SignIns where RiskState is set?
#List RiskState
$Signins | where {$_.RiskState -ne "none"}
By using a Filter...
Hi All,
Somehow i missed, that the AZ PowerShell Module 9.3.0 has already been released a Week ago.
Az 9.3.0
https://www.powershellgallery.com/packages/AZ/9.3.0
Azure PowerShell release notes
https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps?view=azps-9.3.0
Show Installed AZ Module and what's available in the PowerShell Gallery
Get-InstalledModule AZ
Find-Module AZ
To uninstall all the old Modules and install the new Modules i have written a PowerShell Script that is published at my GitHub Repo.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
The AZ Module is just a Wrapper Module for all AZ* Modules
Get-InstalledModule AZ*
Regards
Andres Bohren
Full Azure Archive