The creation of an Azure IoT Hub is quick and simple, either through the Azure Portal or using PowerShell. What can be more time-consuming is registering IoT Devices with the IoT Hub and generating SAS Tokens for them to authenticate with.…
Provisioning Hybrid Exchange/Exchange Online Mailboxes with Microsoft Identity Manager
Introduction
Working for Kloud, all our projects involve Cloud services, and all our customers have varying and unique requirements. Recently one of our customers embarked on their migration from On-Premise Exchange to Exchange Online. Nothing really groundbreaking there; however, they had a number of unique requirements including management of Litigation Hold.…
A quick start guide for Deploying and Configuring Node-RED as an Azure WebApp
Introduction
I’ve been experimenting and messing around with IoT devices for well over 10 years. Back then it wasn’t called IoT, and it was very much a build it and write it yourself approach.
Fast forward to 2017 and you can buy a microprocessor for a couple of dollars that includes WiFi. …
Enabling and using Managed Service Identity to access an Azure Key Vault with Azure PowerShell Functions
Introduction
At the end of last week (14 Sept 2017) Microsoft announced a new Azure Active Directory feature – Managed Service Identity. Managed Service Identity helps solve the chicken-and-egg bootstrap problem of needing credentials to connect to the Azure Key Vault to retrieve credentials.…
Display Microsoft Identity Manager Sync Engine Statistics in the MIM Portal
Introduction
In the Microsoft / Forefront Identity Manager Synchronization Service Manager under Tools we have a Statistics Report. This gives a breakdown of each of the Management Agents and the Connectors on each MA and therefore MIM Sync Statistics.
I had a recent requirement to expose this information for a customer but I didn’t want them to have to connect to the Synchronization Server (and be given the permissions to allow them to).…
Configuring Remote PowerShell to a Remote Active Directory Forest for FIM/MIM GalSync
Introduction
Windows Remote Management (aka Remote PowerShell) is a wonderful thing when it works straight out of the box, as it does when you’re in the same domain. Getting it working across Forests though can feel like jumping through hoop after hoop, and sometimes like the hoops are on fire. …
Receive Push Notifications from Microsoft/Forefront Identity Manager on your Mobile/Tablet/Computer
Background
Recently, in a FIM/MIM environment, a daily automated process was executing, but the task it was performing was dependent on an upstream process that generates a feed, and the schedule for that feed had changed (without notice to me). Needless to say, FIM/MIM wasn’t getting the information it needed to process.…
Creating an AzureAD WebApp using PowerShell to leverage Certificate Based Authentication
Introduction
Previously I’ve posted about using PowerShell to access the Microsoft AzureAD/Graph API in a number of different ways. Two such examples I’ve listed below. The first uses a Username and Password method for Authentication, whilst the second uses a registered application and therefore ClientID and Client Secret.…
UPDATED: Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager
Earlier this week I posted this blog post that showed a working example of using a custom Pwned Password FIM/MIM Management Agent to flag a boolean attribute in the MIM Service to indicate whether a user’s password is in the pwned passwords dataset or not.…
Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager
Update: An element of this solution details checking passwords online (using the Have I Been Pwned API). Troy explains succinctly in his blog post announcing the pwned passwords list why this is a bad idea. If you are looking to implement the concept I detail in this post then WE STRONGLY recommend using a local copy of the pwned password list.…