Using API-driven user provisioning with an Azure SQL database as a source of truth

After setting up the API-driven user provisioning and modifying the provisioning to fit one’s needs, the naturel next is to connect it to a “source of truth” to automate the provisioning. – preferably the HR system in your company because, HR is the one department in your company that should what know what job function, … Read more

Securely storing and retrieving credentials with Azure Key Vault in PowerShell scripts

When you are writing PowerShell scripts to automate various tasks in your everyday life in IT, the hardest part is often how to store the credentials to be used in your code in a secure way. In this blog post I want to show you how you can use an Azure Key Vault to store … Read more

Getting started with API-driven Inbound User Provisioning to On-Premises AD

API-driven Inbound User Provisioning to On-Premises AD is a feature that I personally have been really excited about for quite some time. I started working with it when it was in public preview around June 2023 and it went to General Availability in early 2024.API-driven Inbound User Provisioning is streamlined way of managing users in … Read more

Connect to Microsoft Teams PowerShell using Azure App reg. (Service principal) 

Not long ago Microsoft finally release a new version for the Microsoft Teams PowerShell module (4.8.0) that adds the ability to authenticate to Microsoft Teams using a Azure App reg. 
Using a Azure App reg. Is in my opnion the most secure way to authenticate when you are running scheduled task (or simlar). So if you are not using this method in your automation scripts with Teams, you should start ajusting (on your own risk ofc). 
The ability to use this method to authenticate has not been working for at least 1½ year (as of this writing) so I’m very excited to share the method with you guys. 

Read more

Monitor Azure App registration secret / certificate expiry with PowerShell

I came across a need to know when a certificates and secrets are about to expire on Azure app registrations, but there was no native way for me do this, expect to just scroll down the application registration list and look for “Expirer soon”, and that didn’t really do it for me.
So, I decided to look for way to get notified a number of days before a secret or a certificate will expire using PowerShell. I ended up writing this script and then running it using an Automation Account in Azure, but you can run this script everywhere, if you have the Microsoft Graph PowerShell module installed on the platform of your choice.

Read more

Connect to Microsoft Graph with PowerShell using a certificate and an Azure service principal.

Microsoft Graph is the new black. It may not be new for you, but nevertheless it’s important to know that Microsoft is putting a lot of effort into to the Microsoft Graph PowerShell module, and by doing so, The Azure AD PowerShell module and the PowerShell module Microsoft Online (MSOL) is soon to be retried by Microsoft and to be completely replaced with Microsoft Graph instead. You can read more about that here:

Like any other PowerShell Module from Microsoft, you need to authenticate to the service using some form of credential type (username/password + MFA fx.), and the Microsoft Graph is no exception (surprise!) In this post we won’t be focused on the username/password authentication, but instead we will be using a certificate. The reason for this, is the purpose of using an authentication method to be used in automation scripts that can be run unattended in scheduled task or an Azure Automation account in a secure way. (We don’t want to have username/password in plain text in the code and the MFA prompt might be an issue).
But to use a certificate as our authentication method we need to have an Azure service principal.

It’s the service principal that will ‘perform’ our actions in PowerShell using the Microsoft Graph. This blog will cover how to create both the certificate and the service principal and demonstrate how to connect to Microsoft Graph.

Read more

Add new dates to Teams holidays using PowerShell

So, here we again – A new year (and new me?) after the last holiday is over it’s time for a new year and that lucky means new holidays in sight, but in order to truly be off duty, you might need to update your holidays in Teams Admin Center (TAC) so that you and other departments that are dependent on a Auto Attendantes can have the voice mail pick of the phone will you take a day off.

Read more

Set or change a Teams users call forwarding settings with PowerShell

So, as the title says, its now possible to manage a user in your Team tenants call forwarding settings. This is a feature that has been missed by many UC administrator since Teams replaced Skype for Business. But now it’s finally here – Sort of, the features is in preview. The features was release with the new preview version of the Microsoft Teams PowerShell module on the 9 December.

Read more