This will be a short post about a recent finding: AzureAD Conditional Access policies created from template may miss from your backups if not using Graph API beta endpoint. TL;DR– When you create a Conditional Access policy using the “New policy from template (Preview)” button, the policy will not show when querying policies using the […]
Conditional Access policies – do you backup them ALL?
Posted by Daniel Kovacs on February 28, 2023
https://f12.hu/2023/02/28/conditional-access-policies-do-you-backup-them-all/
Intune App configuration policy – Edge/Chrome URLBlocklist on Android: ‘Expected list value’ error
It’s funny when you are planning to post about a topic, then you encounter an error and then publish about the error instead. This was the case when I was comparing the app configuration policies for Edge and Chrome and came to the ‘Expected list value’ issue when trying to set up the URLBlocklist (sidenote […]
Posted by Daniel Kovacs on February 16, 2023
https://f12.hu/2023/02/16/intune-app-configuration-policy-edge-chrome-urlblocklist-on-android-expected-list-value-error/
Nextcloud with AzureAD Application Proxy
There are certain scenarios where Microsoft’s OneDrive/SharePoint solution is not an option for storing data (eg. data localization restrictions enforced by law). However, if you still want to provide your users with the file sync experience and/or other collaboration features you may have came across Owncloud or Nextcloud as an alternative. But have you considered […]
Posted by Daniel Kovacs on February 8, 2023
https://f12.hu/2023/02/08/nextcloud-with-azuread-application-proxy/
Monitor AzureAD App registration expiration with PowerShell (GraphAPI)
There are several methods for monitoring Azure AD App registration expiration (like PowerAutomate or Azure Logic Apps) but these methods require extra licences or an Azure subscription. The PowerShell way is free and it only requires a new registration in AzureAD. TL;DR The script:
Posted by Daniel Kovacs on January 29, 2023
https://f12.hu/2023/01/29/monitor-azuread-app-registration-expiration-with-powershell-graphapi/
Backup AzureAD Conditional Access Policies v2 – Graph API
AzureAD Powershell is planned for deprecation (link) so I redesigned my Conditional Access Policy Backup solution originally posted here. This v2 edition uses an AzureAD app registration for unattended access (eg. scheduled script) and the Microsoft Graph API (but not the Microsoft Graph PowerShell module). The idea and the logic is the same as in […]
Posted by Daniel Kovacs on January 13, 2023
https://f12.hu/2023/01/13/backup-azuread-conditional-access-policies-v2-graph-api/
Monitor AzureAD Conditional Access Policy changes with PowerShell (Scheduled Script)
When there are multiple administrators in an AzureAD tenant, it is inevitable that one may change settings in Conditional Access policies – without notifying everyone involved. To keep track of changes you could regualarly check the AzureAD audit logs, or have an automation for it. I may be a bit old-fashioned, but I prefer to […]
Posted by Daniel Kovacs on May 31, 2022
https://f12.hu/2022/05/31/monitor-azuread-conditional-access-policy-changes-with-powershell-scheduled-script/
Check if IP address is already an AzureAD Named Location using PowerShell
In a large corporate environment, it’s not unusual to have several Azure AD Named Locations (should it be trusted or not). It is even more challenging to keep track of these locations when there are several admins managing the environment. I thought it would be useful to have a script to determine if an IP […]
Posted by Daniel Kovacs on March 1, 2022
https://f12.hu/2022/03/01/check-if-ip-address-is-already-an-azuread-named-location-using-powershell/
Error: This mailbox database is associated with one or more move requests…
Recently, I was migrating from Exchange 2016 to Exchange 2019 and when I tried to uninstall Exchange 2016, I encountered the following error message: Error: This mailbox database is associated with one or more move requests. To get a list of all move requests associated with this database, run Get-MoveRequest -SourceDatabase and Get-MoveRequest -TargetDatabase . […]
Posted by Daniel Kovacs on November 30, 2021
https://f12.hu/2021/11/30/error-this-mailbox-database-is-associated-with-one-or-more-move-requests/
Backup AzureAD Conditional Access Policies – a different approach
Update: as the AzureAD PowerShell is being deprecated, I made an updated version which can be found here Backing up AAD Conditional Access policies is relatively straightforward with Get-AzureADMSConditionalAccessPolicy cmdlet (don’t forget to update your AzureAD module if the cmdlet is not recognized). In this post, I want to share my own backup “solution” which […]
Posted by Daniel Kovacs on January 27, 2021
https://f12.hu/2021/01/27/backup-azuread-conditional-access-policies-a-different-approach/