Setting Up Custom Security Attributes with Microsoft Graph in Azure

So, you’ve probably heard about custom security attributes in Azure AD, right? If not, let me break it down for you. Azure AD lets the cool tech folks (like you and me) craft our own attributes in the directory. Think of it as putting a custom sticker or label on certain users. Maybe you’ve got people working in specific departments or on particular projects? These custom attributes are like those name tags at networking events but way less awkward. And the best part? These can be a game-changer when you’re setting up stuff like conditional access policies.

Before diving deep, you’ll need the Microsoft.Graph module. It’s your gateway to all things Microsoft Graph when you’re in the PowerShell realm.

Alright, setting up a custom attribute. Graph isn’t going to hand-deliver this one, but here’s a workaround:

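# First things first, connect to Graph
Connect-MgGraph

# Details for our new attribute.
# The schemaExtensions endpoint expects targetTypes and a list of properties (name + type).
$attributeDetails = @{
    id = "customExtension_DepartmentCode"
    description = "Department code for users"
    targetTypes = @("User")
    properties = @(
        @{ name = "DepartmentCode"; type = "String" }
    )
} | ConvertTo-Json -Depth 3

# Now, make it real
Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/v1.0/schemaExtensions" -Body $attributeDetails -ContentType "application/json"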

Creating Self-Signed Certificates for Azure

When it comes to configuring applications or services that require SSL/TLS communication, having a self-signed certificate for testing or development purposes becomes almost indispensable. This is even more relevant when you’re dealing with services on Azure, where security is paramount.

Today, I’ll walk you through a PowerShell script that not only creates a self-signed certificate but also exports it in both .pfx and .cer formats.

Setting the Scene

Let’s start by defining some custom variables:

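# Descriptor shown for the certificate in the store
$friendlyName = "Azure SelfSigned Cert Name"
# Common Name (CN) of the certificate
$subjectName = "CertificateName"
# Certificate store location
$certStorePath = "cert:\LocalMachine\My"
# Folder the .pfx and .cer files are exported to
$exportPath = "C:\Temp\"
# Password for the .pfx file (placeholder, replace with your own)
$passwordPlainText = "YourPasswordHere"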

Here, $friendlyName is a descriptor for your certificate. $subjectName will serve as the Common Name (CN) for the certificate, and $certStorePath specifies the certificate store location in your system. Finally, $exportPath indicates where you want to save your certificate, and $passwordPlainText will be the password for your .pfx file.

Streamlining Role Management in Azure AD with PowerShell and Microsoft Graph

In today’s rapidly evolving IT ecosystem, effective role management is key. This is especially true for large organisations where managing roles for individual users can quickly become overwhelming. For businesses that leverage Microsoft Azure, there are robust tools at hand that can dramatically simplify and automate these intricate tasks. Among these tools, PowerShell in conjunction with Microsoft Graph stands out for its administrative efficiency.

In this blog post, we’re going to guide you through the process of crafting a PowerShell script that utilises Microsoft Graph to identify a specific Azure AD group and remove all roles assigned directly to all group members. Let’s get started!

Preparations

Before we dive in, there are a few prerequisites to note. Firstly, ensure that you have the Microsoft Graph PowerShell SDK installed. If not, use the Install-Module -Name Microsoft.Graph command in your PowerShell to add it.

Next, establish a connection to Microsoft Graph by using the Connect-MgGraph cmdlet.

Finally, remember to tread carefully when modifying user permissions. Scripts that implement bulk changes can be particularly powerful, but also potentially disruptive if not properly managed. It’s always wise to run tests with a small number of users before applying changes across an entire group.

Sending Emails Using Microsoft Graph API and PowerShell: An Advanced Guide

In this blog post, we’re going to explore how to send emails using Microsoft’s Graph API in combination with PowerShell. The Graph API provides a unified programmability model that you can use to take advantage of the tremendous amount of data in Microsoft 365, Azure Active Directory, and other Microsoft services.

Microsoft Graph is a powerful API provided by Microsoft that allows for interaction with various Microsoft services such as Office 365, Azure Active Directory, Intune, and more. With Graph, we can automate tasks that interact with these Microsoft services in a simple and intuitive way.

One such task is sending emails, which we can automate using Graph API and PowerShell. In this guide, we’ll walk you through how to do this, using a provided PowerShell script as our starting point. We’ll also be generalizing all the variables to make the script usable for any case.

The script is divided into three main parts:

  1. Authentication
  2. Preparation of the email’s body and headers
  3. Sending the email

Let’s walk through the script step-by-step.

IMPORTANT: For this script to work correctly, the application in Azure AD that corresponds to your $AppID and $AppSecret needs to have the Mail.Send permission granted under the Microsoft Graph API permissions. Without this, the application won’t have the necessary permissions to send emails on behalf of users.

Note: Make sure to replace all the placeholder variables with your actual values.

Study guide for Azure Solutions Architect

Hello there, cloud enthusiasts!

If you’ve landed on this page, it’s likely that you’re preparing for the AZ-305: Designing Microsoft Azure Infrastructure Solutions exam. This exam is the latest version designed to validate your knowledge and skills needed to design solutions that run on Microsoft Azure, including aspects such as compute, network, storage, and security. Today, I’m excited to share my insights and the study guide that helped me successfully pass the AZ-305 exam recently.

My new Badge =)
