Create onboarding Lifecycle Workflows using Microsoft Entra ID Governance

Onboarding of users is something that should not be taken lightly as it’s a first impressions matter as lot and it says a great deal about an IT department for new users when the start that they have everything need to get started for the job they were hired to do. There are of course … Read more

Using API-driven user provisioning with an Azure SQL database as a source of truth

After setting up the API-driven user provisioning and modifying the provisioning to fit one’s needs, the naturel next is to connect it to a “source of truth” to automate the provisioning. – preferably the HR system in your company because, HR is the one department in your company that should what know what job function, … Read more

Configure EmployeeHireDate and EmployeeLeaveDateTime in Active Directory to be used with Microsoft Entra ID Governance.

To fully use Microsoft Entra ID Governance – more precisely lifecycle workflows -, you do need to configure a few things, although it is not mandatory to do it since all the lifecycle workflows can be run on-demand. But the whole purpose of lifecycle workflows is that they should run automatically based on attribute changes … Read more

Securely storing and retrieving credentials with Azure Key Vault in PowerShell scripts

When you are writing PowerShell scripts to automate various tasks in your everyday life in IT, the hardest part is often how to store the credentials to be used in your code in a secure way. In this blog post I want to show you how you can use an Azure Key Vault to store … Read more

Securing Service Principals in Microsoft Entra ID with Conditional Access policies

Service Principals in your Microsoft cloud environment has long been a nice and convenient way to provide access to resources like SharePoint Online, Entra ID, Microsoft Graph or Azure resources by using a secret (password) or a certificate, and by then combining it with the client ID (username) for the Service Principles to be able … Read more

Modifying the attribute mapping in API-driven provisioning to on-premises Active Directory.

This blog post is a small continuation of the blog post about Getting started with API-driven Inbound User Provisioning to On-Premises AD, but in this blog, I’m going to show you how to modify the API and Active Directory mapping of attributes when you are provisioning users. This is useful if want to customize mapping … Read more

Getting started with API-driven Inbound User Provisioning to On-Premises AD

API-driven Inbound User Provisioning to On-Premises AD is a feature that I personally have been really excited about for quite some time. I started working with it when it was in public preview around June 2023 and it went to General Availability in early 2024.API-driven Inbound User Provisioning is streamlined way of managing users in … Read more

Using Azure Service principal to run PowerShell script on Azure SQL server (Managed instance)

Azure service principals (or App regs.) is nice secure way to connect to fx. a Azure SQL manage instance and then perform querys using PowerShell. This is an ideal alternativ to using a local Service Account. The upside to this is that you can authenticate with a secret or with a certificate that you create for yourself or the machine you are running your script(s) from.

Read more

Assign Azure SQL database permissions to AAD group

Intro
When you create an Azure SQL database (DB) right of the bat, you will be faced with the need to assign permission in the database to users or security groups. Normally on an on-premises SQL DB it’s no problem and can be done using the GUI in SSMS. But for an Azure SQL DB, there is no GUI to assign permissions, you will need to use SQL queries to assign permissions to users or groups. Let me show you how to assign SQL DB permissions to a AAD security group.

Read more