JSON

Automated Alerts on Azure (Entra ID) Application Secret Expirations

Automated Alerts on Azure (Entra ID) Application Secret Expirations

Comments 41 comments

Monitoring Azure AD (Entra ID now) application secret expirations in an enterprise is a critical aspect of maintaining robust security and ensuring uninterrupted service. When application secrets expire without timely renewal, it can disrupt business operations by causing application failures. Proactive management of application secret expirations helps enterprises avoid last-minute issues, enabling a more secure and efficient operational environment.

During my brief research in finding an automated approach to monitoring application secret expirations, I found multiple write-ups and articles but many only showed the code on how to get the expiration property without walking through setting up the automation itself. Another issue was not converting the default UTC time to local time to get more accurate expiration datetimes, and also dealing with applications with multiple secrets that expire at different times.

This article will walk one through the code’s logic, including converting time and dealing with multiple values, and creating … Continue...

Getting Started With Bicep: Compiling, Deploying, and Decompiling

Getting Started With Bicep: Compiling, Deploying, and Decompiling

Comments 0 Comment

In the first post of the ‘Getting Started with Bicep’ series we learned what is Azure Bicep and how to install it and begin working with it. Next, we learned how to create our first Bicep template and user parameters and variables and the different data types there are. Now, in this section we will learn how to compile our Bicep templates and deploy them to Azure.

Compile Bicep to ARM

The first item we need to do is to compile or transpile (Transpiling is a specific term for taking source code written in one language and transforming into another language that has a similar level of abstraction.) our Bicep code to ARM (JSON) code. Then, once compiled, the resulting ARM (JSON) template will be deployed to Microsoft Azure.

From our previous post on ‘Getting Started with Bicep: Building your First Bicep Template‘ we created a basic Bicep … Continue...

Getting Started with Bicep: Building Your First Bicep Template

Getting Started with Bicep: Building Your First Bicep Template

Comments 0 Comment

In the first section, Getting Started with Bicep, an ARM DSL for Azure, we went through what is Azure Bicep, and how to install Bicep on your machine. Now, we will learn how to build our first Bicep Template.

Bicep Declaration Overview

First, lets look at a Bicep declaration in a basic form:

The highlighted Resource (below) indicates the start of the declaration of a new resource in Azure to deploy.

Next, we have the Symbolic Name (in my example: stgact), which is an identifier within the Azure Bicep file. This will allow you to get the properties from the declared resource to be used in other resources elsewhere. Keep in mind, this is not the name of the Azure resource that is deployed.

Following the Symbolic Name, we have the Resource Provider.

Next, we have the Resource Type,  this is the Azure Resource Type name for the resource … Continue...

Getting Started with Bicep, an ARM DSL for Azure

Getting Started with Bicep, an ARM DSL for Azure

Comments 1 comment

Note: This is one part of a several part blog series that goes through Azure Bicep

What is Azure Bicep

Bicep is a Domain Specific Language or DSL, for deploying Azure resources in a declarative manner. It ‘aims to drastically simplify the authoring experience with a cleaner syntax and better support for modularity and code re-use. Bicep is a transparent abstraction over ARM and ARM templates, which means anything that can be done in an ARM Template can be done in Bicep.’1

Bicep moves away from the JSON syntax used by ARM Templates to something similar to HCL in Terraform. The end result is a syntax that is easier to both read and write. Bicep code is converted into ARM Template code (JSON), and then the resulting ARM Template code (JSON) is used to deploy your Azure resources.

One of the key benefits to Bicep to another DSL like … Continue...

Post Notifications About Unused Office 365 Licenses to Teams using Azure Runbooks

Post Notifications About Unused Office 365 Licenses to Teams using Azure Runbooks

Comments 0 Comment

I have written several articles on using PowerShell to send alerts and notifications to Microsoft Teams, but up until now they were set up using only the task scheduler. As more and more companies move to the cloud I wanted to see how I could do cloud infrastructure alerting as well. In this article I am using an Azure RunBook to connect to my Office 365 tenant, parse my licenses, and return any that need reconciliation. If you get your Office 365 licenses from a CSP or any other kind of reseller, you may get charged for all of your licenses, applied or not. So it’s a good thing to make sure you don’t have any extra ones lying around.

Set Up the Azure Environment

Resource Group, Runbook and Automation Account Creation

I created a script that you can just change the variables for and it will create the following … Continue...

Post Inactive Users as a Microsoft Teams Message with PowerShell

Post Inactive Users as a Microsoft Teams Message with PowerShell

Comments 14 comments
In my previous post I went through setting up a Team’s webhook to send a daily message / notification of all your Active Directory users that have their password expiring in a week or less. This is valuable for an IT team as they can review users and work together on the within the same work space (team). In this post I will be setting up another scheduled task to send a daily message on Active Directory accounts that have not logged on in 90 days or more. I am also returning attributes like LockedOut, LastLogon, Enabled and more. The array of users is sorted, showing the users that have not logged on in the longest to the shortest. You can change the sort order to fit the needs of your environment. By using the cmdlet, “New-Timespan” I can get the amount of days since the user last logged on.… Continue...
Post Users with Expiring Passwords as Microsoft Teams Message with PowerShell

Post Users with Expiring Passwords as Microsoft Teams Message with PowerShell

Comments 9 comments

Microsoft Teams has many connectors available including Incoming Webhook. “This provides an easy solution to post notifications / messages from any scripting language through JSON formatted web service call.”1

In this post I will show you how you can gather all of your users who have passwords expiring within a specified time range, and send a notification including all relevant information to a Teams Channel. In my example I will get all users who have passwords expiring in 7 days and less and have it notify my “Help Desk” Teams Channel.  

The current script will parse only enabled users because we don’t need to report on users, ‘passwordlastset’ attribute if the account isn’t even allowed to log in. It will also sort all of our data, so the users with passwords expiring the earliest will always be at the top of the message. The top description under, “Users … Continue...