PowerShell: Setting Azure Active Directory Diagnostics Forwarding

Currently we a spending most of our time doing Azure Gonvernance projects for customers.This includes DevOpsPipelinesTemplatesand moreManagement/Resource Group StructurePoliciesMonitoringIf you need anything in aboveareas, don’t hesistate to contact us!We can help you get into azure from nothing to production, or help you get control of your azure spending and structure.One of the things we setup is Diagnostics logging in Azure Log Analytics from various resources.This is super easy to setup on all Azure Resources, but it is actually also possible to enable on Azure ADs.Azure AD forwards these logs:AuditLogsSignInLogsThe challenge is that Azure AD is Not  a normal Azure resource, [...]

By |2019-02-19T11:30:37+01:00februar 19th, 2019|Automation, Azure, Monitoring, Powershell|3 Comments

Disabling LEDBaT on Your Windows 2016/2019 Server

I have seen a few threads across a couple of forums asking about how to disable LEDBaT correctly. Here are two options which are applicable across a couple of scenarios: Scenario#1: You are confident you do not have any other custom CongestionProvider or TransportFilter configurations on your server. Solution: 1 of the 2Pints, Phil Wilcock (follow: @2PintPhil), has provide what is by far the quickest and easiest solution with good 'ol netsh: netsh int tcp reset *When you run the reset command, it overwrites the following registry keys, both of which are used by TCP/IP: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters SYSTEM\CurrentControlSet\Services\DHCP\Parameters This has the same effect as [...]

By |2018-11-19T06:23:22+01:00november 18th, 2018|Configuration Manager (SCCM), Powershell, Scripting|3 Comments

Automating SSRS favorites with REST API

This information applies to SQL Server Reporting Services 2017 and later. As more and more organizations rely on visualization and reporting to get the information they need, more and more reports come into play. With Configuration Manager 1710 you get almost 500 reports where only a subset are relevant to you and your team. This blog post will show you how you can automate the use of favorites in SQL Reporting Services 2017. Prior to SSRS 2017 you had to find the report and mark it as a favorite. Beginning from SSRS 2017 we can now use a combination of [...]

Taking advantage of Run Script in ConfigMgr 1710

As most of you already know, Microsoft has released a new function in ConfigMgr to run scripts directly on computers and/or servers in your environment. With this new function, scripts can be run in real time on a single computer or an entire collection. How cool is that? This was initially released in the 1706 Tech Preview, but since then Microsoft has put a lot of effort into the functionality of the latest builds and have really made it shine! If you’re like me, you might get stuck in the “this is awesome but how do I move forward with [...]

By |2017-12-20T09:12:22+01:00december 20th, 2017|Powershell|1 Kommentar

Create ConfigurationItems and Baselines without killing your mouse

This information applies to ConfigMgr version 1710 and later. One of the things I really love about working in IT is that you can learn new stuff all the time, and when new stuff turns into boring repetitive stuff you can apply automation and add yet another new piece of learning to your skillset. Over the last few releases of Configuration Manager, the product team has added some new cmdlets for managing Configuration Items and Baselines, and I started to look into these when I was given the task to create a lot of very similar CIs and Baselines for [...]

Intune: Use PowerShell management extension to enable BitLocker on a modern managed Win10 device

I wrote a blog post back in April on "how to manage BitLocker on a Azure AD Joined Windows 10 Device managed by Intune", where I also wrote a PowerShell script to automate the encryption process for the day that we would get PowerShell support in Intune. Well Microsoft announced in September the Management extension for Intune which basically lets you deploy PowerShell scripts via. Intune to Windows 10 devices. My co-worker Peter Daalmans wrote a great blog post about it right after, where he explained in more detail about the extension. I have a link for that post at [...]

Manage your Windows 10 devices via PowerShell and Microsoft Intune

A big wish of the community and companies using Microsoft Intune was the ability to manage Windows 10 devices that are managed with Microsoft Intune via PowerShell. Since the MDM channel is not supporting deployment and the execution of PowerShell scripts, Microsoft announced today at Ignite the Microsoft Intune Management Extension. Meet the Microsoft Intune Management Extension The Microsoft Intune Management Extension is an addition to the current Windows 10 MDM capabilities and allows us now to deploy and execute PowerShell scripts. The Microsoft Intune Management Extension is automatically deployed and installed on Azure AD joined devices. The Microsoft Intune [...]

Create and run scripts with the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

In my last post I talked about how we could activate the new feature "Run Powershell script from the ConfigMgr" on current branch 1706 and in this post I would like to talk about on how to get started using this wonderful feature once you have activated it. This feature really shows that the ConfigMgr product team over at Microsoft really listens to its community and that they do everything they can to improve the product. Tho this feature is a bit rough around the edges it shows great potential and i can't wait to see how it will evolve over time [...]

How to activate the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

Yesterday the ConfigMgr product team over at Microsoft released the latest current branch version 1706 (and the techincal preview 1707 within a 24 hour period, Awesome work!) and with that came another great pre-release feature that we previously only had access to in the Technical Preview (TP 1706) and that's the ability to run powershell scripts directly from the ConfigMgr console. This is one great feature that really excites me :D   If you want to learn more about this feature you can read the MS docs here: https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-deploy-scripts   Lets get started. First make sure that we are running [...]

Remove non authorized members of the local administrator group with ConfigMgr

    MVP Jörgen Nilsson did a great post the other day over at https://4sysops.com/archives/monitoring-laps-with-configuration-manager/ where he showcased how one could monitor LAPS with the help of CI's in ConfigMgr to make sure it's installed and running properly. Continuing on the LAPS theme and ways ConfigMgr can help us improve security and maintain control I would like to talk a little about how we can remove non authorized members of the local administrator group with the help of Configuration Items/Baselines in ConfigMgr.   For those who are unfamiliar with LAPS (Local administrator password solution) you can learn more here: https://technet.microsoft.com/en-us/mt227395.aspx     [...]

Watch out when using $PSModuleAutoLoadingPreference = “none” in a PS Remote Session in Windows Server 2016

Recently I discovered a change in the default behavior of PSRemoting Sessions in Windows Server 2012 R2 vs. Server 2016. I was migrating a script from 2012R2 to 2016 and surprisingly, I got this error:   The term 'Get-Date' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included , verify that the path is correct and try again. + CategoryInfo : ObjectNotFound: (Get-Date:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException + PSComputerName : ctaa01   When I vestigated the issue I found that [...]

VIP Users Part 2 or how to synchronize group membership from AD to SCSM

Dealing with VIP users is a common practice within Service Management. This old blogpost explains a very good approach to mark VIP users in SCSM as VIP users. We simply extend the User class with an extra boolean property (true/false) and we then expose that property on the Incident right under the Affected User. That way Analysts can quickly see if the person is VIP and you can also make various workflows or notifications based on this property.   What is missing in the above post is how we figure out who is VIP or not. For many, this relationship [...]

By |2017-08-30T11:48:15+01:00november 15th, 2016|Automation, Powershell, Service Manager (SCSM)|2 Comments

Azure Function to enable Microsoft Graph API webhook subscriptions to Azure Automation webhooks

Azure Functions is a great new, cheap and easy way to publish simple web services. Functions can be written in multiple languages such as C#, PowerShell or even Batch! You can read more about them here: https://azure.microsoft.com/en-us/services/functions/ This Azure Function is based on PowerShell and I have used it in multiple session on conferences such as MMS 2016 (was in a C# version though) and System Center Universe Europe 2016 About the function: When using subscriptions in Microsoft Graph API, you have to Validate your webhook by returning a verification code which Graph API sends to the webhook. Unfortunately Azure [...]

By |2016-08-24T16:00:48+01:00august 24th, 2016|Azure|Kommentarer lukket til Azure Function to enable Microsoft Graph API webhook subscriptions to Azure Automation webhooks

Create ConfigMgr Servicing Plans with Excel and PowerShell

Last week I posted one example how to create ConfigMgr Servicing Plans with PowerShell. In this post I will show you how to create Servicin Plans using Excel. Step 1 is to create a table like this If you have that table with necessary information or if needed you can add more data, then simply save it as a CSV file and import the data to PowerShell.   Here is one quick and simple example how to create these Servicing Plans based on a CSV file and if needed create the Device Collections as well. This example also assumes that [...]

By |2016-05-31T21:32:16+01:00maj 31st, 2016|Configuration Manager (SCCM)|Kommentarer lukket til Create ConfigMgr Servicing Plans with Excel and PowerShell

ConfigMgr cmdlets and Lazy properties

If you have worked with Configuration Manager before, then most probably you know that some of the WMI classes contain lazy properties. Microsoft cmdlets for ConfigMgr queries by default these lazy properties, for example If you query the same Device Collection directly through WMI, then you don’t see RefreshSchedule property value. If you need to query lazy properties, then you can use the .GET() method or [WMI] accelerator. Starting from 1604 cmdlets we have a new parameter called -FAST. Parameter FAST allows us to skip Lazy properties and this should make the queries much faster and should also lower the [...]

By |2016-05-26T17:43:26+01:00maj 26th, 2016|Configuration Manager (SCCM)|Kommentarer lukket til ConfigMgr cmdlets and Lazy properties

ConfigMgr Move-CMObject issue and one possible workaround

If you have been following me in twitter, then most likely you already know that the Move-CMObject cmdlet is broken in 1604 release. Here is one quick examples that shows the error message. Microsoft already knows this issue and hopefully they can fix it quickly but meanwhile we need to find a workaround or do something else: 1. Uninstall 1604 cmdlets and go back to older version 2. Replace Move-CMObject with your own custom function - http://cm12sdk.net/?p=1006 3. NEW! Use Invoke-CMWmiMethod   In this blog post I will show one example how to use Invoke-CMWmiMethod cmdlet. In this example Im [...]

By |2016-05-24T15:23:08+01:00maj 24th, 2016|Configuration Manager (SCCM)|Kommentarer lukket til ConfigMgr Move-CMObject issue and one possible workaround

Creating ConfigMgr Servicing Plans with PowerShell

Last week we got a new set of cmdlets for Configuration Manager and now we have the ability to create Servicing Plans with PowerShell. I put together end-to-end example and with this script you can: Create a folder called Software Updates (cant move Device Collections into a folder because Move-CMObject is broken in latest release) Create 5 Device Collections Create Software Updates Deployment Package Download the necessary upgrade package Distribute the package to a Distribution Point Create 5 different Servicing Plans   ############ WINDOWS 10 SERVICING ###############################     Get-CMWindowsServicingPlan     New-CMWindowsServicingPlan #These cmdlets require Configuration Manager 1511 or newer. $DeploymentPackageName [...]

By |2016-05-23T16:18:15+01:00maj 23rd, 2016|Configuration Manager (SCCM)|1 Kommentar

ConfigMgr 1604 new cmdlets

Microsoft released a new set of command-lets for Configuration Manager and all these new cmdlets are also included in the ConfigMgr 1605 TP release. Here are all the new cmdlets: cmdlet Category Notes Get-CMWindowsServicingPlan Software Updates Windows 10 Servicing New-CMWindowsServicingPlan Software Updates Windows 10 Servicing Add-CMServiceConnectionPoint Infrastructure Set-CMServiceConnectionPoint Infrastructure Remove-CMServiceConnectionPoint Infrastructure Get-CMServiceConnectionPoint Infrastructure Remove-CMCertificateRegistrationPoint Infrastructure Set-CMCertificateRegistrationPoint Infrastructure Add-CMCertificateRegistrationPoint Infrastructure Get-CMCertificateRegistrationPoint Infrastructure Invoke-CMDeviceAction Resource Management Get-CMDeviceActionState Resource Management Add-CMIntuneSubscription MDM / Hybrid Set-CMIntuneSubscription MDM / Hybrid Get-CMIntuneSubscription MDM / Hybrid Remove-CMIntuneSubscription MDM / Hybrid Add-CMMdmEnrollmentManager MDM / Hybrid Remove-CMMdmEnrollmentManager MDM / Hybrid Get-CMMdmEnrollmentManager MDM / Hybrid New-CMApnsCertificateRequest MDM / Hybrid New-CMDepTokenRequest [...]

Azure PowerShell: How to assign access to a subscription using PowerShell (RBAC)

I had this question from a customer recently, and when I searched the net I wouldn’t find any specific examples. This example assigns a user as a Contributor to the subscription. When you assign roles to resources, all you need is the URL for the resource and provide it to this cmdlet. Here you go: Login-AzureRMAccount $userEmail = "[email protected]" $SubscriptionName = "Test Subscription" Get-AzureRmSubscription -Subscriptionname $SubscriptionName New-AzureRmRoleAssignment -SignInName $userEmail -Scope "/subscriptions/$($sub.SubscriptionId)" -RoleDefinitionName Contributor That’s all for today!

By |2016-02-18T13:41:05+01:00februar 18th, 2016|Azure, Powershell|4 Comments

Roll Out New Configuration Manager Distribution Point with PowerShell

Here is a quick example how to install new Configuration Manager Distribution Point with PowerShell. As you see we have many options to expand this script. We can install Windows Server features, reboot it remotely, install additional software etc. It all depends how you wanna install and configure it. #Import the Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE #Change the connection context Set-Location "$($SiteCode.Name):\" #New DP Information $DistributionPoint = 'DP01.4demo4.com' $SiteCode = 'PS1' # Test the connection to server     Test-Connection `         -ComputerName $DistributionPoint # OPTIONAL - Install Windows Server Roles and Features     Install-WindowsFeature `         -Name [...]

December 1st: Azure Automation: Triggering a webhook from a SharePoint workflow using Out-of-the-box Activities

Welcome to this year Coretech December Calendar! Today is the 1st of december and we have a great little christmas treat for you! This is the first post in a series of posts, published every day in December. Today's subject is Triggering Webhooks from SharePoint! One of the great new features in Azure Automation is Webhooks! Webhooks is everywhere! More and more cloud services support them. Basically it is a simple HTTP Post sent to a web service that starts the runbooks. We can then send a bunch of data with the post and have the runbook receive these dato. [...]

By |2015-12-01T12:00:00+01:00december 1st, 2015|Automation, Azure|7 Comments

Azure automation: Start-AutomationRunbook – New simple way to start runbook jobs from within a runbook!

Microsoft has just released a new cmdlet in the realm of Azure automation. Start-AutomationRunbook The cmdlet is designed to start runbook jobs in the same account as the current running runbook, without having to define any endpoints/credentials/etc. Syntax is: Start-AutomationRunbook [-Name] <string> [-Parameters <IDictionary>] [-RunOn <string>] [<CommonParameters>] How to start a runbook: Start-AutomationRunbook – Name "Test-JSONOutput" Start a runbook on a hybrid worker Start-AutomationRunbook – Name "Test-JSONOutput" –RunOn "Denmark" NB! The cmdlet can only be used inside runbooks Great little addition to the built in cmdlets in Azure automation!

By |2015-11-20T15:33:22+01:00november 20th, 2015|Automation, Azure|6 Comments

Azure Automation: Script for downloading and preparing AzureRM modules for Azure Automation!

Update from MSFT: 2/22/2016: To respond to a common user question, right now there is no timeline on when additional modules / new versions of modules will be shipped out of box in the Automation service. If you have additional requirements besides what we currently ship globally, these modules / module versions will have to be imported as user modules. Please note the new guidance is that if the latest version of any Azure/AzureRM module is imported as a user module to an automation account, the latest versions of ALL Azure/AzureRM modules (not just the ones that ship out of [...]

By |2015-10-12T16:01:15+01:00oktober 12th, 2015|Azure|7 Comments