# Install AzureAD module if not already installed Install-Module -Name AzureAD -Force -Scope CurrentUser # Import required modules Import-Module AzureAD # Read emails from Excel sheet $emails = Import-Excel -Path "emails.xlsx" | Select-Object -ExpandProperty Email # Connect to Azure AD Connect-AzureAD # Iterate through emails and check user existence and account status foreach ($email in $emails) {     $user = Get-AzureADUser -Filter "mail eq '$email'"     if ($user) {         Write-Host "User with email $email exists. Account Enabled: $($user.Acco ..read more

In this article we will go through high level steps to take backup of Azure APIM instance to a storage account. There are couple of ways to configure a regular backup of the Azure APIM instances. In this instance, we will configure Azure APIM backup using Logic Apps. Before we proceed make sure below services are are already created 1. Azure APIM instance 2. Azure Storage account 3. Container in Azure Storage account Let's see what it takes to configure a scheduled Azure APIM instance backup on a daily basis 1. Create a Logic App and navigate to Logic App designer tab 2. Add Recurrence step an ..read more

Install the required Azure AD preview module Install-Module AzureADPreview Connect to Azure AD with valid credentials - Connect-AzureAD Obtain the application Object ID  Get-AzureADServicePrincipal -Filter "DisplayName eq '<<APPLICATION_NAME>>'" Take the ObjectId from the above command result Get-AzureADServicePrincipalPolicy -id  <<OBJECT ID from the above command>>  Get the policy details   Get-AzureADPolicy -Id <<ObjectIdOfthe Policy>> |select *   ..read more

 # Set your Cosmos DB account and database details $resourceGroupName = "<<Resource Group Name>>" $accountName = "<<Azure Cosmos DB Account Name>>" $databaseName = "<<Database Name>>" $containerName = "<<container Name>>" # Set the output CSV file path $outputCsvFilePath = "<<Location>>\export.csv" # Query to retrieve data from Cosmos DB $query = "SELECT * FROM c" # Authenticate to your Azure account (if not already authenticated) # Connect-AzAccount # Get the Cosmos DB container $container = Get-AzCosmosDBSqlContainer -ResourceG ..read more

I'm sharing another use case, "Kerberos + HEADER-based application SSO" implementation experience with Apache and Keberos module. There are times you end up working with a custom authentication & Single Sign-On solution to an application despite modern authentication mechanisms. One such situation is providing seamless access to an application when accessing from an Active Directory domain-joined machine. It technically means leveraging the Kerberos token from the device and authenticates the user into the HEADER-based application. Utilizing Apache web server, Kerberos module, and apache r ..read more

 When uploading Azure AD SAML metadata to a service provider you might get below error message -   ********************************************************************* SAML xml metadata validation failed with the following error: This is an invalid xsi:type 'http://docs.oasis-open.org/wsfed/federation/200706:SecurityTokenServiceType'” SAML xml metadata validation failed with the following error: This is an invalid xsi:type 'http://docs.oasis-open.org/wsfed/federation/200706:SecurityTokenServiceType'. **************************************************************************** Q ..read more

There are times you want to know synched or cloud only groups. Command to search synched groups -  Get-AzureADGroup -All $true | where-Object {$_.DirSyncEnabled -eq $TRUE} Command to search cloud only groups -  Get-AzureADGroup -All $true | where-Object {$_.DirSyncEnabled -eq $NULL} Funny enough that DirSyncEnabled attribute contains "TRUE" (if it's synched group) "NULL" (if cloud only) Thanks Siva Pokuri ..read more

Below setting in Azure AD user entry will make the external account visible in Outlook Address book - Create Azure AD guest account using Graph API invitation URL Update the user entry by setting "ShowInAddressList" attribute to "true" using Graph User API Check the email address in Outlook Address Book Note - This above configuration worked in beta version of graph API. Thanks Siva Pokuri ..read more

Following some research over the types of groups being offered by Microsoft.  I realized that I didn't come across a feature comparison among all Microsoft groups. So I said myself why not create one :-) and share it. Thanks Siva Pokuri ..read more

Webhooks playing a much important role in today's event-driven communication between the server and a client, especially broadcasting changes from server to clients involving any changes. In a way, webhooks works reverse than the usual client sends a request to a server/service. Lately, most of the cloud service providers have this feature in their cloud offerings. I got a chance to check out and try Microsoft Azure AD webhooks/notifications. It comes handy especially when there is a requirement to monitor activities and notify concern parties for action. For example, user & group managem ..read more