IDMFUN - More than just Identity & Access Management
All about experience with Identity, Access and Risk management products in the industry
2M ago
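# Install the AzureAD and ImportExcel modules if not already installed
Install-Module -Name AzureAD -Force -Scope CurrentUser
Install-Module -Name ImportExcel -Force -Scope CurrentUser
# Import required modules (Import-Excel is provided by the ImportExcel module)
Import-Module AzureAD
Import-Module ImportExcel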
# Read emails from Excel sheet
$emails = Import-Excel -Path "emails.xlsx" | Select-Object -ExpandProperty Email
# Connect to Azure AD
Connect-AzureAD
# Iterate through emails and check user existence and account status
foreach ($email in $emails) {
$user = Get-AzureADUser -Filter "mail eq '$email'"
if ($user) {
Write-Host "User with email $email exists. Account Enabled: $($user.Acco ..read more
3M ago
In this article we will go through the high-level steps to back up an Azure APIM instance to a storage account.
There are a couple of ways to configure regular backups of Azure APIM instances. Here, we will configure the Azure APIM backup using Logic Apps.
Before we proceed, make sure the services below are already created:
1. Azure APIM instance
2. Azure Storage account
3. Container in Azure Storage account
Let's see what it takes to configure a scheduled daily backup of an Azure APIM instance:
1. Create a Logic App and navigate to Logic App designer tab
2. Add Recurrence step an ..read more
4M ago
Install the required Azure AD preview module
Install-Module AzureADPreview
Connect to Azure AD with valid credentials -
Connect-AzureAD
Obtain the application Object ID
Get-AzureADServicePrincipal -Filter "DisplayName eq '<<APPLICATION_NAME>>'"
Take the ObjectId from the above command result
Get-AzureADServicePrincipalPolicy -id <<OBJECT ID from the above command>>
Get the policy details
Get-AzureADPolicy -Id <<ObjectIdOfthe Policy>> |select *
6M ago
# Set your Cosmos DB account and database details
$resourceGroupName = "<<Resource Group Name>>"
$accountName = "<<Azure Cosmos DB Account Name>>"
$databaseName = "<<Database Name>>"
$containerName = "<<container Name>>"
# Set the output CSV file path
$outputCsvFilePath = "<<Location>>\export.csv"
# Query to retrieve data from Cosmos DB
$query = "SELECT * FROM c"
# Authenticate to your Azure account (if not already authenticated)
# Connect-AzAccount
# Get the Cosmos DB container
$container = Get-AzCosmosDBSqlContainer -ResourceG ..read more
3y ago
I'm sharing another use case: my implementation experience with "Kerberos + HEADER-based application SSO" using Apache and the Kerberos module. There are times you end up building a custom authentication and Single Sign-On solution for an application, despite the availability of modern authentication mechanisms.
One such situation is providing seamless access to an application when it is accessed from an Active Directory domain-joined machine. Technically, this means leveraging the Kerberos token from the device and authenticating the user into the HEADER-based application.
Utilizing Apache web server, Kerberos module, and apache r ..read more
3y ago
When uploading Azure AD SAML metadata to a service provider, you might get the error message below -
*********************************************************************
SAML xml metadata validation failed with the following error: This is an invalid xsi:type 'http://docs.oasis-open.org/wsfed/federation/200706:SecurityTokenServiceType'.
****************************************************************************
Q ..read more
3y ago
There are times you want to know which groups are synched and which are cloud only.
Command to search synched groups -
Get-AzureADGroup -All $true | Where-Object {$_.DirSyncEnabled -eq $true}
Command to search cloud only groups -
Get-AzureADGroup -All $true | Where-Object {$_.DirSyncEnabled -eq $null}
Funnily enough, the DirSyncEnabled attribute contains "TRUE" if it's a synched group and "NULL" if it's cloud only.
Thanks
Siva Pokuri
4y ago
The setting below in the Azure AD user entry will make the external account visible in the Outlook Address Book -
1. Create an Azure AD guest account using the Graph API invitation URL
2. Update the user entry by setting the "ShowInAddressList" attribute to "true" using the Graph User API
3. Check the email address in the Outlook Address Book
Note - The above configuration worked in the beta version of the Graph API.
Thanks
Siva Pokuri
5y ago
Following some research into the types of groups offered by Microsoft, I realized that I hadn't come across a feature comparison among all Microsoft groups. So I said to myself, why not create one :-) and share it.
Thanks
Siva Pokuri
5y ago
Webhooks play an important role in today's event-driven communication between a server and a client, especially for broadcasting changes from the server to clients. In a way, webhooks work in reverse to the usual flow, in which a client sends a request to a server/service.
Lately, most cloud service providers have this feature in their cloud offerings. I got a chance to check out and try Microsoft Azure AD webhooks/notifications. It comes in handy especially when there is a requirement to monitor activities and notify concerned parties for action. For example, user & group managem ..read more