PowerShell – Microsoft Graph API

Need to connect to Microsoft Graph with PowerShell? The following PowerShell script does just that (pretty easily)!

So what is Microsoft Graph API?

“Microsoft Graph is a Microsoft developer platform that connects multiple services and devices. Initially released 2015, the Microsoft Graph builds on Office 365 APIs and allows developers to integrate their services with Microsoft products, including Windows, Office 365, and Azure. At its Build 2017 conference, Microsoft announced it would use the Microsoft Graph to bring new functionality and connectivity between Windows and other OS platforms, including Android and iOS.” (Wikipedia)

The following script has a function called “Get-GraphAPIAccessToken” (line 127 in the code below), which has two optional parameters.

  • Credential
    • If you don’t want a login prompt when connecting to the API, use:
      -Credential (Create-PSCredential -Username "admin@contoso.onmicrosoft.com" -Password "AdminPasswordHere")
  • ClientID
    • If you need to use a registered application in Azure AD, specify the application ID. Otherwise it will use a well-known value that is registered with Azure AD. An example would be:
      -ClientID 3b7e46ca-4495-410f-9691-f90793f0f666

 

There are some requirements before you can run the code:

  • You need a valid internet connection (duuuh?!).
  • The script leverages AzureRM and will try to install it; if that fails, you can install it with “Install-Module AzureRM -SkipPublisherCheck -AllowClobber -Force -Confirm:$false;”.

When you have an access token, you can use the following example which gets the current user profile details:

Get the Azure AD users:

Send an e-mail (need an Exchange license on the user):

 

For more usage examples, Microsoft has created a repository on GitHub.

SCCM – Create Device Collections Based On Security Groups

I’m back again, with a quick how-to on SCCM.

Have you ever needed to create device collections based on security groups (user accounts) in Active Directory? Well, look no further!
You can use the following WQL in a collection.
The only thing you need to change is SMS_R_User.UserGroupName="CONTOSO\\mysecuritygroup".

 

SCCM – Cloud Management Gateway and Cloud Distribution Point

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients on the internet. By deploying the CMG as a cloud service in Microsoft Azure, you can manage traditional clients that roam on the internet without additional infrastructure. You also don’t need to expose your on-premises infrastructure to the internet.

A cloud-based distribution point is a System Center Configuration Manager distribution point that is hosted in Microsoft Azure. The following information is intended to help you learn about configurations and limitations for using a cloud-based distribution point.

In this step-by-step guide, I will demonstrate how to configure and establish a Cloud Management Gateway (CMG) and Cloud Distribution Point (CDP) in SCCM and Azure.

In order to walk you through the entire process of setting up the Cloud Management Gateway and Cloud Distribution Point features, I am going to break this down into 6 parts.

  1. Overview
  2. Certificates
  3. Azure Service
  4. Cloud Management Gateway
  5. Cloud Distribution Point
  6. Log Files


PowerShell – Intune Local Administrator Password Solution (iLAPS)

If you have devices that are connected to an on-premises Active Directory, you would certainly configure the Local Administrator Password Solution (LAPS), which allows a unique password for each local administrator across the enterprise network.

Unfortunately, this method only works when you have on-premises devices, but what about Azure AD joined machines? The short answer is “no”.

LAPS takes advantage of 2 attributes in the local Active Directory, and these attributes are not available in Azure AD.

Therefore, I have created a small application that mimics the same behavior for Azure AD devices, which I call “iLAPS”, for Intune Local Administrator Password Solution.


PowerShell – Symmetric Encryption

You can use this PowerShell function to encrypt/decrypt data with a secret key.

I re-wrote the functions from Travis Gan, for a better overview and also added comments to the code.

Use free of charge!


PowerShell – Azure Storage Using REST API

Yo! I’m back again. This time I have been playing around with Azure Table Storage.

Azure Table storage is a service that stores structured NoSQL data in the cloud, providing a key/attribute store with a schemaless design. Because Table storage is schemaless, it’s easy to adapt your data as the needs of your application evolve. Access to Table storage data is fast and cost-effective for many types of applications, and is typically lower in cost than traditional SQL for similar volumes of data.

You need to create a storage account in an Azure subscription and generate a shared access signature before using the code below.

I created some lightweight functions that allow you to insert and get data from a table with PowerShell, using the REST API.


PowerShell – Invoke-Ping

Just wrote a small PowerShell function that can output ping results to a file including timeouts and unreachable information. This is not something the native Test-NetConnection cmdlet can do (prove me wrong?) unfortunately.

Use the function free of charge.


Intune – The sync could not be initiated (0x82ac019e)

Recently I had a few users that couldn’t initiate a sync on their Windows device to Microsoft Intune.

The error was “The sync could not be initiated (0x82ac019e)”; luckily, the solution is easy.


Ethical Hacking – Aircrack-ng

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic.

In this post I will go through the basic usage and some examples of different attacks.

In these examples we are using Kali Linux as the operating system.

This post is part of a series called “Ethical Hacking”.


Ethical Hacking – Wireless

In this post I will go through the vocabulary around the wireless technologies. I will also show tools you can use to test in your own environment.

This post is part of a series called “Ethical Hacking”.
