machv

name: Deploy Azure Function App

on:
  push:
    paths: 
      - 'azf/**'
    branches: [ main ]
  workflow_dispatch:

# CONFIGURATION

machv

Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All", "Domain.ReadWrite.All", "AuditLog.Read.All"

$guests = Get-MgUser -Filter "userType eq 'Guest'" -ExpandProperty "memberOf" -Property "createdDateTime", "signInActivity", "displayName", "userPrincipalName", "mail", "userType"

[array]$guestsReport = @()

$guest = $guests | Select-Object -First 1
foreach($guest in $guests) {
    "{0} [{1}] (groups: {2}); Created = {3}; Last Sign In = {4}" -f $guest.DisplayName, $guest.userPrincipalName, $guest.memberOf.Count, $guest.createdDateTime, $guest.signInActivity.lastSignInDateTime

machv

install-module Microsoft.Graph.Users, Microsoft.Graph.Identity.SignIns, Microsoft.Graph.Groups
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'GroupMember.ReadWrite.All', 'Group.ReadWrite.All'

$groupId = "c259b03c-6b11-44ea-a768-76b077d2cb93"

$invite = [PSCustomObject]@{
    mail = "[email protected]"
    name = "Franta Novák"
}

machv

<# setup

Connect-AzureAD
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "<SecretPassword>"
$PasswordProfile.ForceChangePasswordNextLogin = $false
$user = New-AzureADUser `
         -DisplayName "Photo Syncer" `
         -PasswordProfile $PasswordProfile `
         -UserPrincipalName "<UserName>" `

machv

preview

machv

$configFilePath = "$($env:USERPROFILE)\aad.cnf"
$data = Get-Content $configFilePath
$config = [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($data)) | ConvertFrom-Json

$token = Invoke-ClientCredentialsFlow -Tenant $config.TenantId -ClientId $config.ClientId -ClientSecret $config.ClientSecret
$headers = @{
    "Authorization" = "Bearer $($token.AccessToken)"
}

# Get AAD Users.

machv

$nsgName = "litware-sccm012021-05-10T04-44-28-34"
$nsgResourceGroup = "litware-infra"
$priority = 200
$sourceAddressPrefix = "*" # zdrojový server/prefix pro odesílání SMTP přes ExO

#region Helper functions
function Set-NsgRule {
    param(
        $nsg,
        $smtpEndpoint,

machv

Connect-AzAccount

[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')

#region Source group
$sourceGroupName = [Microsoft.VisualBasic.Interaction]::InputBox('Zadejte název zdrojové Azure AD skupiny pro načtení členů:', 'Zdrojová skupina')
if(-not $sourceGroupName) {
    Write-Host -ForegroundColor Yellow "Je potřeba zadat jméno skupiny"
    return
}

machv

param (
    [Parameter(Mandatory = $true)]
    [string]$sourceAadGroupName, 
    [Parameter(Mandatory = $true)]
    [string]$destinationAdGRoupName, 
    [Parameter(Mandatory = $false)]
    [bool]$RemoveUnmatched = $true
)

#region Azure Automations connect as RunAs

machv

$policyName = "DDoS"
$roleToNotify = "Owner"

$policy = Get-AzPolicyDefinition | Where-Object { $_.Properties.displayname -eq $policyName }
$nonCompliantNetworks = Get-AzPolicyState | Where-Object { $_.ComplianceState -eq "NonCompliant" -and $_.PolicyDefinitionName -eq $policy.Name } | Group-Object SubscriptionId

foreach($group in $nonCompliantNetworks) {
    $subscriptionId = $group.Name
    $networks = $group.Group