Azure Active Directory version 2 PowerShell module

For a long time we have been using the msonline module in PowerShell to access Azure AD which provides Office 365 identity and security. This has now been superseded by the new:

Azure AD V2 PowerShell module

Also thanks to advances in PowerShell this module is even easier to install.

Just open the PowerShell application on your workstation (it is always recommended that you do this as an administrator). Then just type:

install-module –name azuread

and press enter.

You may be prompted about a Nuget provider as shown above. Select Yes to continue.

You should now see this being installed as shown above.

You may also be prompted about installing from an untrusted repository. Select Yes to all to continue.

You should now see the Azure AD module being downloaded.

When complete you’ll be returned to the command prompt.

You’ll still need to login to your tenant using the standard get-credential command. However now you use the following:

connect-azuread

command to access Azure AD.

Once that is complete you can issue some of the new module command such as:

get-azureaddomain

as shown above to work with your cloud AD.

This new Azure AD module will the option to use going forward to work with your identities PowerShell for Office 365 because the older version 1 msonline will be depreciated at some stage.

Azure CLI 2.0 on Windows Bash shell

I recently wrote how to install Azure CLI 2.0 on Windows 10:

Configuring Azure CLI 2.0 on Windows 10

However, another option now with Windows 10 is to use the Bash Shell. Here’s the process of how to install both Bash and Azure CLI 2.0 on Windows 10

You’ll firstly need to install the Bash shell on Windows 10. To do this navigate to Settings in Windows 10. Then select For developers as shown above. Now select Developer mode.

You’ll be prompted to turn on developer mode. Select Yes to continue.

Windows will firstly search for the appropriate package

and then install it.

When complete you should receive a message, as shown above, that indicates you may need to restart your PC. You don’t have to reset just yet.

Go to Control Panel and select the option to Turn Windows features on or off. From the list that appears, locate and select Windows Subsystem for Linux (Beta) as shown above and then select OK.

Once the changes have been made you will need to reboot your PC.

Once rebooted select the Windows Start Menu and type bash. Select the bash option from the menu that appears.

Hit Y to continue.

The bash shell will be downloaded from the Windows Store as shown above.

It will then be installed.

When that is complete, you’ll need to enter a bash shell admin user name and password. This doesn’t have to be the same as you PC login but make sure you remember the details.

The bash shell installation will complete as you can see above.

If you now return to Windows Start Menu and enter bash you will see the option has changed to Bash on Ubuntu on Windows.

Next step is to ensure the Ubuntu subsystem is up to date. To do this enter the following command at the bash shell:

sudo apt-get update

Next, enter the command:

sudo apt-get upgrade

Once that is complete enter the following command:

echo “deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main” | \ sudo tee /etc/apt/sources.list.d/azure-cli.list

Then:

sudo apt-key adv –keyserver packages.microsoft.com –recv-keys 417A0893

Then:

sudo apt-get install apt-transport-https

Finally:

sudo apt-get update && sudo apt-get install azure-cli

to actually install Azure CLI 2.0.

Now if you type:

at the command prompt you should see the Azure CLI appear as shown above.

Remember, Azure CLI is designed to be a cross platform tool. That means it works on both Windows 10 and Bash on Windows 10 as well as Mac, Linux, etc. This makes it a great way to manage Azure from any platform.

Configuring Azure CLI 2.0 on Windows 10

Azure CLI is a cross platform scripting tool that runs on Linux, Mac and Windows.

There are two versions of the Azure Command-Line Interface (CLI) currently available:

Azure CLI 2.0: Next-generation CLI written in Python, for use with the Resource Manager deployment model.
Azure CLI 1.0: CLI written in Node.js, for use with both the classic and Resource Manager deployment models.

What we’ll cover here is how to install version 2.0 on a Windows 10 machine. To do this you basically need to follow the following steps in this article:

Install Azure CLI 2.0

You’ll need to firstly download Python for Windows which you will find here:

https://www.python.org/downloads/

Select the most current version (here 3.6.1).

Once you have downloaded the file, right mouse click on the downloaded file and select Run as administrator.

Accept the UAC that appears.

The install splash screen should now appear. Before you commence the install ensure the option to Add Python to PATH is selected at the bottom of the dialog as shown.

Select the Install now option to commence the installation.

You should now see the installation progressing.

Select Close when complete.

Open a command prompt and type:

python –-version

to which you should see the version number as shown above indicating that Python has install as expected.

You now need to install the Azure CLI which you do using the command:

pip install –-user azure-cli

You should then see a range of package being downloaded as shown above.

This process will take a few minutes to complete.

When the process is complete, you’ll be returned to the command prompt as shown.

The command that you run to launch the CLI environment is az.bat. That has been installed in:

C:\Users\\AppData\Roaming\Python\Python36\Scripts

which unfortunately has not been added to the PATH environment. So you’ll need to add this for convenience.

From the Windows 10 Start type environ and you should see the option Edit environment variables for your account at the top of the list as shown. Select this.

Select the Path line in the top box and then select the Edit button.

Select New and add the path to the az.bat file as shown above.

Select OK twice to save your changes and exit.

If you now go to the command prompt and type:

you should see the Azure CLI appear as shown above. You are now ready to use Azure CLI 2.0 on Windows to manage your Azure environment.

Accessing user mailboxes in Office 365

Following least privilege access, by default, even global administrators don’t have access to user mailboxes. This may prevent you from doing bulk administrative operations for your environment. To gain access to perform bulk administration tasks, such as using PowerShell scripts, you’ll need to assign the appropriate rights. This can be done in two places in the web interface.

If it is just mailbox access you require then the best place to assign these rights is in the Exchange admin center which you access from the Office 365 Admin center.

Select permissions on the left and then Discovery Management on the right. You then select the pen icon above the list of permissions to make changes.

At the bottom of the dialog that appears you can add new members to this role as well as view the included roles as shown above, one of which is Mailbox Search.

The description for the Discovery Management permission is:

Discovery Management

Members of this management role group can perform searches of mailboxes in the Exchange organization for data that meets specific criteria.

Note that it only provides permissions to mailboxes.

There is another way to provide rights to mailboxes BUT you’ll also be providing rights to files in SharePoint and OneDrive for Business. If you are following least privileged access best practices, which you should, you shouldn’t use this process if all you need is access to mailboxes.

Here you’ll need to navigate to the Security & Compliance center from the Admin center. You’ll then need to select Permissions on the left and the eDiscovery Manager on the right. You again select the pen icon to add the appropriate users to this role.

The description for this role is:

eDiscovery Manager

Perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations.

Note how this role provides permissions to mailboxes AND files as mentioned.

Once you have given a user permissions to mailboxes you may need to wait a little while (15 minutes typically) for them to fully flow through to all elements. Then you can start making the bulk changes you need.

Setting up Azure email billing alerts

Azure billing is very different from Office 365. It is consumption based rather than fixed cost per month cost. That is you pay for what you use. The more you use per month, the more you pay. Azure is also typically a ‘post-paid’ service, that is you pay for your usage at the end of the month.

Using Azure services is becoming easier and easier which translates into higher charges. There is also the case where people consume Azure services not exactly understanding what they consuming. This can result in a type of ‘bill-shock’ where the expected charges can be above the anticipated amount.

One of the way to avoid any potential Azure ‘bill-shock’ is to set up email billing alerts in Azure to warn you when your Azure consumption exceeds some threshold. Here’s how to do that.

Open the Azure management portal and navigate to the Subscriptions option. Then select the appropriate Subscription from the list of those available and from the menu at the top of the selected Subscription page select Manage as shown above.

You should then see a summary of your current usage for that subscription as shown above. Email alerting is currently in preview so select preview features from the menu across the top of the page.

You should now see the Billing Alert Service as shown above. Select the try it now button on the left to enable the service.

You’ll be prompted to confirm your selection by clicking the check mark in the lower right of the dialog box that appears.

The page will pause and think for a few moments.

and then you should see that the Billing Alert Service is active as shown above.

If you now return to the subscriptions option from the menu across the very top, you should now see a new option on the menu for your subscription called Alerts as highlighted above. Select the Alerts option to continue.

Select the add alert option. You’ll notice that you get a total of 5 alerts you can configure.

Enter a name for the alert as well as the when the alert will fire. You can also nominate up to two email addresses this alert will be sent to.

You can alert for either Monetary credits (i.e. amount remaining) or Billing total (i.e. amount spent). In this case I’m going to select Monetary credits because I want to know when my monthly available amount is becoming depleted.

Select Save when complete.

You should now see the alert you just created listed as shown above.

If you expand the alert you’ll see all the details and be able to make changes. You’ll also see the delete option (garbage can icon) on the right.

You can now add any additional alerts you desire.

Now if your subscription triggers an alert you’ll receive an email notification. Remember, if you have multiple Azure subscriptions in a tenant you’ll need to repeat this process for every subscription you wish to monitor.

Lowering your Azure VM costs

Microsoft have announced a new ‘Hybrid Use Benefit’ method to potentially reduce the cost of VMs in Azure by allowing you the right to use some of your on-premises licensing in Azure VM’s.

The above video give you more information as does this page:

https://azure.microsoft.com/en-us/pricing/hybrid-use-benefit/

As you can see, the saving can be up to 40%! That’s pretty significant if you qualify.

Another tool that Microsoft has just announced to help you migrate to Azure is the:

Free cloud migration assessment

This assessment can help you:

Identify all the servers across your datacenter environment
Analyse your workload configuration
Estimate the initial cost benefits of moving to Microsoft Azure
View and export the results into a customized report

However, if you are just getting started with Azure check out this on demand webinar:

Getting Started with Microsoft Azure

External access for Microsoft Teams slated for June

Microsoft Teams is significantly changing the way businesses think about collaboration as I have detailed previously:

The modern way of collaboration using Microsoft Teams

but we still need to keep in mind that it is all still relatively new.

One of the most requested enhancements, as you can see from the above post on Uservoice is to allow external access to Microsoft Teams.

Good news is the reply posted by Microsoft shown above. They have committed to a date for this feature addition and that date should be in June! Pretty quick eh?

It will be amazing to think of all the collaboration opportunities that will open up once Microsoft Teams is available to third parties. This is going to make the product bigger and more successful than it already is.

My advice? If you haven’t started looking at Teams you really should be.

Need to Know Podcast–Episode 148

Marc goes solo for this episode as he covers the recent Experts Live in Melbourne. He speaks with a bunch of guests all about the sessions that happened during the conference and their thoughts about the technology being discussed.

Take a listen and let us know what you think –feedback@needtoknow.cloud

You can listen to this episode directly at:

https://ciaops.podbean.com/e/episode-148-experts-live/

or via Soundcloud here: