Darren Robinson darrenjrobinson
darrenjrobinson
/ Get AAD FIDO2 Token Details.ps1
Last active
October 6, 2021 23:58
Get FIDO2 Tokens Azure Active Directory Passwordless configuration details using PowerShell. Associated blogpost https://blog.darrenjrobinson.com/what-does-your-azure-ad-fido2-passwordless-credential-look-like/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Install-Module MSAL.PS | |
| Import-Module MSAL.PS | |
| $resource = "https://graph.windows.net" # AzureAD Graph | |
| $apiVersion = "api-version=1.6-internal" # Internal API | |
| $scope = "user_impersonation" # Delegated User Impersonation | |
| $clientID = "1b730954-1685-4b74-9bfd-dac224a7b894" # PowerShell | |
| $tenantID = "yourcompanyAADName.com" # AAD | |
| $myUPN = "[email protected]" # User UPN |
darrenjrobinson
/ Interactive MSAL AAD Delegated AuthN.py
Last active
May 31, 2024 15:44
Interactive Authentication to Microsoft Graph using MSAL with Python and Delegated Permissions. See associated blogpost https://blog.darrenjrobinson.com/interactive-authentication-to-microsoft-graph-using-msal-with-python-and-delegated-permissions/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import msal | |
| import jwt | |
| import json | |
| import sys | |
| import requests | |
| from datetime import datetime | |
| from msal_extensions import * | |
| # Microsoft Azure PowerShell Client ID | |
| clientID = '1950a258-227b-4e31-a9cf-717495945fc2' |
darrenjrobinson
/ AAD User B2B Guest Federation Report.ps1
Last active
July 13, 2021 20:52
Query Azure Service Management with an Azure AD Member Account to report on tenants the AAD User is federated to as a B2B Guest User. Associated blogpost https://blog.darrenjrobinson.com/azure-ad-user-account-federation-report
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module MSAL.PS | |
| Import-Module AzureADTenantID | |
| # Use the Azure PowerShell Well-Known Client ID | |
| $clientID = "1950a258-227b-4e31-a9cf-717495945fc2" | |
| # Get UserUPN | |
| $userUPN = Read-Host -Prompt "Please enter Azure AD User UPN" | |
| $tenantName = $userUPN.Split("@")[1] | |
| $tenantID = Get-AzureADTenantId -domain $tenantName |
darrenjrobinson
/ run.ps1
Last active
June 1, 2021 21:06
Azure AD PowerShell Function to query Azure AD for a User to get their full object and their group memberships then send a summary email via SendGrid. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace System.Net | |
| # Input bindings are passed in via param block. | |
| param($Request, $TriggerMetadata) | |
| # Write to the Azure Functions log stream. | |
| Write-Host "PowerShell AzureAD Query HTTP trigger function received a request." | |
| Write-Host $Request.Body | |
| # Write-Host $Request.Query |
darrenjrobinson
/ run.ps1
Last active
June 1, 2021 21:06
Azure PowerShell Function to renew a Azure AD Change Notification Subscription. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Input bindings are passed in via param block. | |
| param($Timer) | |
| # Get the current universal time in the default string format | |
| $currentUTCtime = (Get-Date).ToUniversalTime() | |
| # The 'IsPastDue' porperty is 'true' when the current function invocation is later than scheduled. | |
| if ($Timer.IsPastDue) { | |
| Write-Host "PowerShell timer is running late!" | |
| } |
darrenjrobinson
/ run.ps1
Last active
June 1, 2021 21:07
Azure PowerShell Function to receive and validate Azure AD Change Notification Subscriptions. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace System.Net | |
| # Input bindings are passed in via param block. | |
| param($Request, $TriggerMetadata) | |
| # Write to the Azure Functions log stream. | |
| Write-Host "PowerShell HTTP trigger function received a new Azure AD Change Notification." | |
| # Convert Notification Details to a PSObject | |
| $objNotification = ($Request.RawBody | convertfrom-json).value |
darrenjrobinson
/ Create Azure AD Change Notification Subscription.ps1
Last active
June 1, 2021 21:07
Create a new Azure AD Change Notification Subscription for the 'User' ObjectClass and forward events to an Azure PowerShell Function. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Notifidcation Configuration | |
| $expiryMaxLength = 3 | |
| $expiryHours = ($expiryMaxLength * 24) / 2 | |
| $clientStateValue = New-Guid | |
| $notificationExpiry = (get-date).addHours($expiryHours).ToUniversalTime() | |
| $utcExpiry = get-date $notificationExpiry -Format yyyy-MM-ddThh:mm:ss.0000000Z | |
| # AAD User and Application Configuration | |
| $graphAutomationClientID = "azureADApplicationClientID" | |
| $graphAutomationSecret = "azureADApplicationSecret" |
darrenjrobinson
/ ValidateYubiKey-SingleFactor v2.ps1
Created
April 14, 2021 05:54
v2 PowerShell Script to validate YubiKey using Single Factor. Associated Blogpost https://blog.darrenjrobinson.com/validating-a-yubico-yubikeys-one-time-password-otp-using-single-factor-authentication-and-powershell/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Clear-Host | |
| # Client ID obtained after registering here https://upgrade.yubico.com/getapikey/ | |
| $clientID = '12345' | |
| # Read in the key | |
| $getKey = Read-Host 'Insert your YubiKey and touch it until the OTP is received (~2 seconds)' | |
| $credentialID = $getKey.Substring(0, 12) | |
| # Generate a Nonce | |
| $nonce = -join ((65..90) + (97..122) | Get-Random -Count 32 | ForEach-Object { [char]$_ }) | |
| $nonce = $nonce.ToLower() |
darrenjrobinson
/ AADAuth_MSAL_Python.py
Last active
July 7, 2024 18:10
Microsoft Graph using MSAL with Python and Certificate Authentication. Associated blogpost https://blog.darrenjrobinson.com/microsoft-graph-using-msal-with-python-and-certificate-authentication/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import msal | |
| import jwt | |
| import json | |
| import sys | |
| import requests | |
| from datetime import datetime | |
| global accessToken | |
| global requestHeaders | |
| global tokenExpiry |
darrenjrobinson
/ import.ps1
Last active
April 1, 2021 04:50
Using the new Granfeldt FIM/MIM PowerShell Management Features - Import Script. Associated Blogpost https://blog.darrenjrobinson.com/using-the-new-granfeldt-fim-mim-powershell-management-features/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param ( | |
| $Username, | |
| $Password, | |
| $Credentials, | |
| $AuxUsername, | |
| $AuxPassword, | |
| $AuxCredentials, | |
| $ConfigurationParameter, | |
| $OperationType, | |
| [bool] $usepagedimport, |