Intune Local IP Printer Deployment

Printer deployment with Intune is not always easy. In larger environments you probably still have a Windows Print Server using printer shares. Connecting them is usually done via PowerShell scripting or Win32 Apps in Intune.

This solution is for those environments where you have no Windows Print Server and no Cloud Printing solution available. Just a bunch of clients and a bunch of IP printers. Getting the drivers installed can be a cumbersome task, especially if there are many different types of printers and default settings. I have done this in the past at clients where there was no better way.

Continue reading Intune Local IP Printer Deployment

Entra ID – AppReg Manager 2024 – v01

During my work as an IT Consultant, I frequently use PowerShell scripts to connect to Azure, Microsoft 365 or Microsoft Graph. When these scripts run automated on servers or in Azure Automate, I often use certificates for authentication. Creating these App Registrations in Entra ID portal is not very convenient.

I have used scripts before to create these App Regs. You might have seen it in my PSRoomSigning solution.

This script is a very complete App Reg Manager.

Features:

  • Create a new App Registration in Microsoft Entra ID with a new self-signed certificate.
  • Delete App Registrations in Microsoft Entra ID (multi select supported).
  • Report App Registrations with certificates/secrets that are expired or about to expire (export2csv).
  • Report API permissions or Role Permissions on App Registrations (export2csv).
  • Create a new self-signed certificate and add it to an existing App Registration (one that is about to expire).
  • You can choose how long the certificate is valid in days.
  • After creation it exports the certificate into a PFX file.
  • After creation it exports sample PowerShell code to use the new App Registration in PowerShell.

Requirements

  • Runs on PowerShell (only tested on Windows)
  • Uses Microsoft Graph PowerShell module (https://learn.microsoft.com/en-us/powershell/microsoftgraph/installation?view=graph-powershell-1.0)
  • Need Global Admin account or (….)

Installation:

  • Install the required PowerShell module: Install-Module -Name Microsoft.Graph
  • Extract the ZIP file to a scripts folder i.e. “c:\scripts\appregmgr”
  • Execute the script.

You can download the second (v2) version here.

.REVISIONS
2024_v02 – Update, Object ID instead of AppID was exported. Fixed.
2024_v01 – first release

Azure Snapshot Manager

Microsoft Azure is a great platform to host Virtual Machines. What native Azure doesn’t have is a good snapshot/checkpoint manager like Hyper-V does. Since some time now you can create disk snapshots per disk. If a Virtual Machine has multiple disks you have to create the snapshot for every disk. And for every disk it asks how you want to call it. Don’t even mention about putting the snapshot back in the VM.

That is where Azure Snapshot Manager comes in. This PowerShell based tool makes it a lot easier for you to create snapshots of all disks in one run. Also it allows you to apply the snapshot on any existing VM in the same region, but also create a new VM based of the selected snapshot. I have developed this script in a few iterations and I believe this version is ready to go into the wild.

If you have any suggestions or questions please check the About button on the site and let me know!

DISCLAIMER

Use of this script is at your own risk and responsibility: This script creates disk snapshots, attach and detach disks to new or existing VMs. No disks are deleted. Creating new Azure resources can increase costs on you Azure bill. Please take this into account.

DOWNLOAD

Download the script here: AzVMSnapshotMgr_v3.zip

Start the script and connect to Azure.

Continue reading Azure Snapshot Manager

PS RoomSigning 2022.02.05 (New Version)

Introduction

PSRoomSigning 2022 is a complete new version of the PowerShell based solution for RoomSigning. The solution has been reinvented because of issues with the 2021 version. If you installed the 2021 version and have “server error 500” sometimes please remove the old version and install this one.

RoomSigning 2022 will display the meetings in your meeting rooms in your environment. If you have an information display in your company restaurant or foyer you can display this information. Only meetings of today are displayed and meetings in the past are no longer on the screen, keeping it nice and clean.


Example of RoomSigning

How does it work?

The PowerShell script is designed to run as a scheduled task, or scheduled Azure Automation Runbook. The script needs a Service Principal Name in Azure AD with ‘Calendar.Read’ and ‘User.Read’ permissions. And when your target is Azure Web App Service the SPN needs Contributor permissions on the App Service.

When the script runs it will read the configured Exchange Online Room mailboxes and will render an HTML file in a configured target location. This HTML file is the visual representation of the Exchange Rooms. The HTML location needs to be a location where your display device can access it. This can be a webserver running local or in Azure or can be a local folder or a shared folder on a file share. If your client can access it, it will work.

Revision History:

2022 – Second release
• Reinvented the solution with extra jQuery script and splitting the HTML into two files.
• Add jQuery script for refreshing the page, making it more robust and stable.
• Requires webserver, doesn’t work local anymore.
• Fixed the PSRoomsigning_CreateResources.ps1 script now it works.

2021 – First release

Download the PSRoomSigning 2022 solution here.

PS RoomSigning

Introduction

PSRoomSigning is a PowerShell based solution for RoomSigning, you can run this script on your Windows based display device, webserver or run natively in Azure. RoomSigning will show the meetings of your meeting rooms in your environment. If you have an information display in your company restaurant or foyer you can display this information. Only meetings of today are displayed and meetings in the past are no longer on the screen.


Example of RoomSigning

How does it work?

The PowerShell script is designed to run as a scheduled task, or scheduled Azure Automation Runbook. The script needs a Service Principal Name in Azure AD with ‘Calendar.Read’ and ‘Directory.Read’ permissions. And when your target is Azure Web App Service the SPN needs Contributor permissions on the App Service.

When the script runs it will read the configured Exchange Online Room mailboxes and will render an HTML file in a configured target location. This HTML file is the visual representation of the Exchange Rooms. The HTML location needs to be a location where your display device can access it. This can be a webserver running local or in Azure or can be a local folder or a shared folder on a file share. If your client can access it, it will work.

The HTML file generated contains a 30 second auto refresh setting so when the script writes a new version it will be updated automatically.

Download the PSRoomSigning script here.

Azure VPN – Point to Site – Part 2/2

Welcome to part 2 of the Azure VPN blog, here you can find part 1. This part of the blog explains how to configure Azure VPN with Always ON and Azure Active Directory authentication and MFA. This will allow Modern Managed Azure AD Joined Windows 10 workplace to connect secure to the Azure network, and if required and you have a route back to on-premises you will be able to connect to on-premises network as well.

Continue reading Azure VPN – Point to Site – Part 2/2

Azure VPN – Part 1/2

This new Azure related blog describes how to extend your on-premises network to the Azure datacenter. The blog explains how to create an Azure Virtual Network, create VPN gateway, and connect it to your on-premises environment. In part 2 we expand this solution with Point-to-Site VPN, with Always ON – Azure VPN, allowing Modern Managed clients to connect via VPN to Azure Virtual Network, and if required to your on-premises network.


This picture shows the setup we are going to create in this BLOG.

The blog assumes you have basic knowledge about networking and how the Azure portal works. The region I usually work in is West Europe. Please adjust your region to you preferred Azure Region.

Part 1: Site-to-Site VPN

  1. Create Azure VNET
  2. Create Azure Virtual Network Gateway
  3. Create Virtual Machine in Azure
  4. Create Site-2-Site between Azure and Sophos XG
    1. Configure Azure
    2. Configure Sophos XG
    3. Proof of the pudding

Coming Soon: Part 2: Azure VPN (Point-to-Site)

Continue reading Azure VPN – Part 1/2

Azure AD – Directory Roles – Where are you?

Today I noticed something strange. I am scripting with AzureAD PowerShell against Azure AD. I have created a script that will create a Service Principal Name with Directory Reader role. This worked perfectly in my old trial/demo tenant and in customer tenants.

Last week I had to recreate my test lab environment because the licenses expired (I use 1 year demo tenants). Today I tried to create the SPN with the previously created PowerShell script and add the Directory Reader Role.

That script errored out at the line:
Add-AzureADDirectoryRoleMember -ObjectId (Get-AzureADDirectoryRole | where-object {$_.DisplayName -eq “Directory Readers”}).Objectid -RefObjectId $sp.ObjectId

I tried logging in with Connect-AzureAD to the tenant in a new PowerShell window with my Global Admin account to the same tenant. After that I tried this command: Get-AzureADDirectoryRole


According to this PowerShell command there are only two Directory Roles.

Continue reading Azure AD – Directory Roles – Where are you?