Small Script to Grant Azure AD Roles to Groups

Today it is not possible to grant roles in Azure AD to groups, and support for dynamic groups is not likely anytime soon. I created a little script that grants a role to all users in a group. It checks and only adds the role to users in the group who don’t already have it…

Using AD extensionAttributes in Azure AD

I had a value in one of my extensionAttributes in AD populated with data I needed to leverage in Azure AD dynamic groups. The specific attribute was extensionAttribute5. Without doing anything else, this attribute is replicated to Azure AD and can be used as part of a dynamic group. For example, I created a…

Lots of new Azure Design and Identity free training available

I may have seemed to be very quiet over the past few months, but that’s because I’ve been working pretty much every night and weekend on 11 new courses for azure.com that will shortly be available via the site but are immediately available for free via Pluralsight. If you don’t have an account simply sign…

Two new videos on Azure AD – Conditional Access and Tokens!

Recorded two new videos this week. The first is an explanation of how tokens work with Azure AD, and the second looks at conditional access (which can control the access to get those tokens for various scenarios). Word of caution – I talk about terms of use in the second video. If you just enable…

Understand the authentication pros and cons with Azure AD

When using Azure AD there are two types of authentication available: cloud authentication, where the authentication takes place against Azure AD, and federated authentication, where the authentication takes place against the federated service, for example using ADFS against Active Directory Domain Services. When using the cloud authentication there are two ways to validate the password: A…

Add group members to another tenant via Azure AD B2B and PowerShell

I needed to add members of a number of groups from one Azure AD tenant to a group in another Azure AD tenant that would then be given access to a resource. The goal was to not require the users added to have to redeem the invite, which is common when adding a B2B user.

Migrate from ATA to Azure ATP with easy PowerShell

This week Azure Advanced Threat Protection (ATP) was made available as a product that is part of EMS E5 and is essentially ATA in the cloud. ATA is a service that takes a data feed from all domain controllers, then uses that data to help identify various types of attack such as pass-the-hash, golden ticket, …

Quickly check who are Global Admins in your Azure AD with PowerShell

The code below will list the Global Admins in your Azure AD. Note that if using privileged identity management, any users currently elevated would also show.

    # Look up the Global Admin role (named 'Company Administrator' in PowerShell/Graph), then list its members
    $role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Company Administrator'}
    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId

Also note the PowerShell/Graph API name for Global Admins is Company Administrator.