Month: March 2019

Intune backup with Microsoft Graph and Azure Storage

Every admin knows that in some cases a backup copy can be a lifesaver, whether it is a server OS backup with some specific configurations, a database holding critical billing information … or, why not, a set of Intune device configuration policies.

Scenario

In this post we start with the following challenge. You are an Intune administrator who works on a large team with multiple tenants. The environment's complexity often leads to modifying configuration on the wrong tenant or replacing a configuration by mistake. You require a better change management process, but in the meantime you still need to protect the data (in this case, the Intune configuration policies).

Solution

Implement a backup solution with an automation account and Azure Storage. The automation account will use a native Microsoft Graph application you previously created.

In this post we will discuss the following steps:

- Create the resource group and storage account with PowerShell
- Create the automation account
- Add a runbook to perform the backup
- Schedule the runbook execution

Resource Group and Storage Account

The data that you plan to back up needs a place to rest. Using the below script, we create a new resource group and a storage account. Feel free to modify the names if you like, but make sure your changes are consistent across the entire solution (if you change them here, you change them...


Unattended Microsoft Graph API calls with PowerShell

Microsoft recently announced that developers should switch focus from Azure AD Graph to Microsoft Graph, considering the plans are to work hard to close the gap between the two products – here.

The modern desktop management world fosters automation more than ever. Operations on a tenant, like maintenance or replication, will become more and more familiar. In this post you will learn how to use unattended Microsoft Graph API calls with PowerShell.

Below are the high-level steps we will discuss:

- Register native AAD application with application secret
- Grant permissions and administrative consent
- Create access token and access Microsoft Graph

Register Native AAD application

We will register the application using PowerShell commands. As seen below, we need a client secret, an application name and redirect URIs.

    Connect-AzureAD
    $tenantID = (Get-AzureADTenantDetail).ObjectId

    # Client secret is the application password. You can generate this as long as you don't have
    # special characters like + or / that can prevent correct authentication
    $client_secret = "2Uban4QXXXXXqg6mcXdpXXXXXzsTPPixJf6kXgcml3E="
    $applicationName = "BlogGraphApp"

    # You can use any valid URL here
    $homePage = "https://gmarculescu.com"
    $appIdURI = "https://gmarculescu.com/?p=584"
    $logoutURI = "http://portal.office.com"

    # We create the application secret valid for one year starting today
    $today = [System.DateTime]::Now
    $keyId = (New-Guid).ToString()
    $applicationSecret = New-Object Microsoft.Open.AzureAD.Model.PasswordCredential($null, $today.AddYears(1), $keyId, $today, $client_secret)

    # We create the AAD application
    $AADApplication = New-AzureADApplication -DisplayName $applicationName `
        -HomePage $homePage `
        -ReplyUrls $homePage `
        -IdentifierUris $appIdURI `
        -LogoutUrl $logoutURI `
        -PasswordCredentials $applicationSecret

    # We create a service principal for...
