All posts in category PowerShell

Conditional Access policies – do you backup them ALL?

This will be a short post about a recent finding: AzureAD Conditional Access policies created from template may miss from your backups if not using Graph API beta endpoint. TL;DR– When you create a Conditional Access policy using the “New policy from template (Preview)” button, the policy will not show when querying policies using the […]

No Comments

by Daniel Kovacs on February 28, 2023 • Permalink

Posted in AzureAD, Conditional Access, GraphAPI, PowerShell

Tagged AzureAD, conditional access, Get-AzureADMSConditionalAccessPolicy, Get-MgIdentityConditionalAccessPolicy, PowerShell

Posted by Daniel Kovacs on February 28, 2023

https://f12.hu/2023/02/28/conditional-access-policies-do-you-backup-them-all/

Monitor AzureAD App registration expiration with PowerShell (GraphAPI)

There are several methods for monitoring Azure AD App registration expiration (like PowerAutomate or Azure Logic Apps) but these methods require extra licences or an Azure subscription. The PowerShell way is free and it only requires a new registration in AzureAD. TL;DR The script:

No Comments

by Daniel Kovacs on January 29, 2023 • Permalink

Posted in AzureAD, GraphAPI, PowerShell

Tagged AzureAD, PowerShell, Report

Posted by Daniel Kovacs on January 29, 2023

https://f12.hu/2023/01/29/monitor-azuread-app-registration-expiration-with-powershell-graphapi/

Backup AzureAD Conditional Access Policies v2 – Graph API

AzureAD Powershell is planned for deprecation (link) so I redesigned my Conditional Access Policy Backup solution originally posted here. This v2 edition uses an AzureAD app registration for unattended access (eg. scheduled script) and the Microsoft Graph API (but not the Microsoft Graph PowerShell module). The idea and the logic is the same as in […]

No Comments

by Daniel Kovacs on January 13, 2023 • Permalink

Posted in AzureAD, Conditional Access, GraphAPI, PowerShell

Posted by Daniel Kovacs on January 13, 2023

https://f12.hu/2023/01/13/backup-azuread-conditional-access-policies-v2-graph-api/

Monitor AzureAD Conditional Access Policy changes with PowerShell (Scheduled Script)

When there are multiple administrators in an AzureAD tenant, it is inevitable that one may change settings in Conditional Access policies – without notifying everyone involved. To keep track of changes you could regualarly check the AzureAD audit logs, or have an automation for it. I may be a bit old-fashioned, but I prefer to […]

No Comments

by Daniel Kovacs on May 31, 2022 • Permalink

Posted in AzureAD, Conditional Access, GraphAPI, PowerShell

Tagged AzureAD, conditional access, PowerShell

Posted by Daniel Kovacs on May 31, 2022

https://f12.hu/2022/05/31/monitor-azuread-conditional-access-policy-changes-with-powershell-scheduled-script/

Check if IP address is already an AzureAD Named Location using PowerShell

In a large corporate environment, it’s not unusual to have several Azure AD Named Locations (should it be trusted or not). It is even more challenging to keep track of these locations when there are several admins managing the environment. I thought it would be useful to have a script to determine if an IP […]

No Comments

by Daniel Kovacs on March 1, 2022 • Permalink

Posted in AzureAD, PowerShell

Tagged AzureAD, PowerShell

Posted by Daniel Kovacs on March 1, 2022

https://f12.hu/2022/03/01/check-if-ip-address-is-already-an-azuread-named-location-using-powershell/

Backup AzureAD Conditional Access Policies – a different approach

Update: as the AzureAD PowerShell is being deprecated, I made an updated version which can be found here Backing up AAD Conditional Access policies is relatively straightforward with Get-AzureADMSConditionalAccessPolicy cmdlet (don’t forget to update your AzureAD module if the cmdlet is not recognized). In this post, I want to share my own backup “solution” which […]

No Comments

by Daniel Kovacs on January 27, 2021 • Permalink

Posted in AzureAD, Conditional Access, PowerShell

Tagged AzureAD, conditional access, Get-AzureADMSConditionalAccessPolicy, PowerShell

Posted by Daniel Kovacs on January 27, 2021

https://f12.hu/2021/01/27/backup-azuread-conditional-access-policies-a-different-approach/

Grant admin consent to an AzureAD application via PowerShell

Recently, I was scripting an Azure App registration workflow and had some headaches figuring out how to grant admin consent to the application with PowerShell. Actually, if AzureCLI is installed you can use the following command: az ad app permission admin-consent –id <application id> However, I wanted to find some native PowerShell-way to solve this […]

No Comments

by Daniel Kovacs on January 13, 2021 • Permalink

Posted in AzureAD, PowerShell

Tagged adminconsent, AzureAD, AzureRM, PowerShell

Posted by Daniel Kovacs on January 13, 2021

https://f12.hu/2021/01/13/grant-admin-consent-to-an-azuread-application-via-powershell/

Querying AzureAD App registration credential expiration

Recently, I came across an interesting post on monitoring Azure AD App registration expiration – link here. I made a simplified version which only generates a report on the expiration date of each credential. TL;DRRunning the script below will list each credential for AzureAD app registrations sorted by expiration date. To run the script, ensure […]

No Comments

by Daniel Kovacs on December 14, 2020 • Permalink

Posted in AzureAD, PowerShell

Tagged AzureAD, AzureRM, PowerShell

Posted by Daniel Kovacs on December 14, 2020

https://f12.hu/2020/12/14/querying-azuread-app-registration-credential-expiration/

Bug in Get-AzureMSConditionalAccessPolicy cmdlet?

Recently, I found an excellent blogpost on how to back up AzureAD Conditional Access policies (link) using the new AzureAD PowerShell module and decided to create my own when I encountered a little bug… TL;DRInstead of using ToJson() method use ConvertTo-Json cmdlet on the objects returned by Get-AzureMSConditionalAccessPolicy. ExplainedI was trying to create my own […]

No Comments

by Daniel Kovacs on November 23, 2020 • Permalink

Posted in AzureAD, Conditional Access, PowerShell

Tagged AzureAD, conditional access, PowerShell

Posted by Daniel Kovacs on November 23, 2020

https://f12.hu/2020/11/23/bug-in-get-azuremsconditionalaccesspolicy-cmdlet/

Retrieve Bitlocker keys stored in AzureAD with PowerShell

Bitlocker keys can be stored in Active Directory and in Azure Active Directory too – but querying the latter is a bit trickier than usual. The following script will export all Bitlocker recovery keys (from your Azure Active Directory tenant) to an HTML table. TL;DR1. Ensure that you meet the following prerequisites: – you have […]

No Comments

by Daniel Kovacs on November 11, 2020 • Permalink

Posted in AzureAD, Bitlocker, PowerShell

Tagged AzureAD, Bitlocker, PowerShell, Report

Posted by Daniel Kovacs on November 11, 2020

https://f12.hu/2020/11/11/retrieve-bitlocker-keys-stored-in-azuread-with-powershell/

Archives
Categories
- AlwaysOn VPN
- Android
- AOVPN
- App configuration policy
- AzureAD
- Bitlocker
- Conditional Access
- Edge
- Entra Workload Identities
- GPO
- GraphAPI
- Intune
- KQL
- MDI
- PowerShell
- SCCM
- SharePoint Online
- Uncategorized
- Windows Hello for Business
Disclaimer

The information on this website is provided for informational purposes only and I make no warranties, either express or implied. Information in these documents, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user.

The postings on this site are my own and do not necessarily represent the postings, strategies or opinions of my employer.
Social

LinkedIn

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Recent Posts

Recent Comments

Conditional Access policies – do you backup them ALL?

Monitor AzureAD App registration expiration with PowerShell (GraphAPI)

Backup AzureAD Conditional Access Policies v2 – Graph API

Monitor AzureAD Conditional Access Policy changes with PowerShell (Scheduled Script)

Check if IP address is already an AzureAD Named Location using PowerShell

Backup AzureAD Conditional Access Policies – a different approach

Grant admin consent to an AzureAD application via PowerShell

Querying AzureAD App registration credential expiration

Bug in Get-AzureMSConditionalAccessPolicy cmdlet?

Retrieve Bitlocker keys stored in AzureAD with PowerShell

Archives

Categories

Disclaimer

Social