Azure Service Principal using Password Authentication

If you wanted to ever setup a service account to use for Azure administration that uses a password for authentication, setup a Service Principal in AAD. Use this to use for things like Azure automation or any of those other Azure PowerShell admin scripts you have. See my other post on how to setup an Azure AD Service Principal using certificate based authentication instead.

AAD Service Principal Certificate Authentication

Did you ever wanted to automate everything in Azure? Using Azure Automation or using Remote PowerShell – pretty much anything automated in Azure, you should NOT be using a stock standard user account. Why? Because you can have all sorts of problems, for instance the password can expire and then it breaks everything and everything stops working. It’s a bit like on-prem days where you would use specific service accounts, each service account setup for a specific purpose, much easier to manage and it’s best practice. In Azure it’s no difference, you use a service principal and grant this service…

Azure (ASM) Classic IaaS inventory

If you ever wanted to capture a full inventory of an Azure Classic ASM IaaS based environment, using the script below is how you can do it – run it for ‘each’ Cloud Service. This will create two .json files on the desktop, one for the Cloud Service containing all the VMs (along with detailed information) and another for the vNet which is used.

SendGrid email using PowerShell

Have you ever wanted to automate sending email to anywhere via your SendGrid account? Maybe you have moved to the Office 365 and now that you don’t have an Exchange server on-prem anymore, you don’t have the luxury to use your own Exchange server as an SMTP server. You can’t use Office 365 Exchange Online as an SMTP server….. SendGrid to the answer – below is some PowerShell which will assist you in the automation of sending email using SendGrid.

Azure AD Disable Password Expiration

Imagine you had a specific user setup (a service account) to run all your Azure Automation runbooks. Then all of a sudden things stopped working, no runbooks worked anymore. You then troubleshoot and find that the password for the Azure AD account used in your runbooks has expired. By default when creating Azure AD account the password is set to expire and if you try to logon to PowerShell with an account which has an expired password, this is what you would see: Login-AzureRmAccount : AADSTS50055: Password is expired Previously this was fixed using the old MSOLUser cmdlets: Set-MsolUser -UserPrincipalName powershell@<tenant>.onmicrosoft.com…

Scheduled Task to run as any User

The following script will setup a scheduled task to run as any user by running the task as the ‘Users’ group. Please note, this is using the .Net method of creating the task, as there’s more options using the .Net method rather than using the PowerShell cmdlet: New-ScheduledTask The information to help build the below PowerShell script was taken from the website which covers all the information you need https://msdn.microsoft.com/en-us/library/windows/desktop/aa383607(v=vs.85).aspx

Auto Connect to WiFi access points

The following script is very handy for any Windows machine which relies on Wi-Fi, wireless or LTE 4G networks. WiFi at the best of times is not that reliable and you can experience WiFi dropouts or Wi-Fi disconnections. You can now have a full automatic solution which keeps a Windows machine connected to WiFi even if the connection drops. Running this AutoConnectWiFi.ps1 script (below) will ensure that the Windows device is actually connected to a known WiFi network. A known WiFi network is a network in which the device has already connected to in the past and is aware of both the…

Azure AD – SSPR, SSPC & MFA

SSPR (Self Service Password Reset), SSPC (Self-service password change) and MFA (Multi-Factor Authentication) are all features of AAD (Azure AD). Both MFA and SSPC are part of Azure AD Premium P1 & P2 editions as explained here. SSPR however requires Azure AD Premium or Basic explained here. First things first, follow the requirements listed here for AD Connect. You then need to make sure all the password reset stuff is all setup in Azure AD. To get to the Azure AD portal, logon to https://manage.windowsazure.com/@trusbron.com notice the domain at the end? Change this domain with yours. Even if you don’t have an Azure subscription…

AD Connect pass-through authentication & SSSO

This post walks you through two things: an upgrade of an existing AD Connect installation converting from ADFS to pass-through authentication Turning off ADFS setting up pass-through authentication and single sign on Recently Microsoft announced the new Azure AD Pass-Through Authentication and Seamless Single Sign-on. It’s a way of signing in to AAD (Azure AD) and AAD services using on-prem credentials as a reputable replacement to ADFS. This also includes any any third party apps all like Concour or SalesForce as well as custom apps. You can use AAD Premium to setup SAML 2.0 authentication to any custom app that supports claims…

Automatic MP3 tagging

A requirement for my business was to capture information for every song I had. The information required was the Composer (the person/s that wrote the song), the Year and the Record Label. I have over 13,000 songs and doing this on a manual basis would be an administration nightmare. So I used my PowerShell skills and set out to achieve what I found was a very reliable manual process, but turned into an automatic process. The most reliable process that I can find to date is: To grab the Record Label information from iTunes and a site http://staff.australian-charts.com/ to be used as…