Expertenwissen von Marcel Meurer

I spent hours today adding Azure AD authentication to an Azure MVC web application with Visual Studio. I always got the same error while adding the preconfigured AD application:

“Error: Unable to query for Azure AD applications: An error occurred while processing this request.”

My account has the right permission in Azure AD – I thought. After a while I found out: Visual Studio was connected to my Azure AD with three different accounts:

Normally,

Introduction

Microsoft offers with Log Analytics a cloud based big data service. Log Analytics is used by several services (including Azure itself) to log and analyze data. It’s a core component of Azure Monitor and Application Insights.

Log Analytics key facts:

•  Cloud based
• No data aggregation
• Pay per upload and data retention
• Powerful query language (kql: <https://docs.microsoft.com/en-us/azure/kusto/>)
• Direct support for visualization on portal.azure.com

I use Log Analytics for several project where data aggregation and analyzation are main tasks.

„Daten sind das Gold kleiner, mittlerer und größerer Unternehmen.“ Mit dieser Aussage haben Florian Stadtfeld und ich in den letzten Monaten so einige Workshops rund um Data, Analytics und AI begonnen. Unterwegs waren wir in unserem Kundenumfeld als auch in der Partnerlandschaft. Was fast schon wie eine Phrase wirkt, scheint im Kontext des Datenschutzes und andere Verordnung manchmal schon als „schwierig“. „Darf man denn das?“ werden wir oft gefragt und wie so oft ist die Antwort: „It depends“.

A few weeks ago, I started an IoT project with a company responsible for a huge amount of different buildings around the world. We deployed several virtual and physical sensors in Azure IoT Hub. Doing this we had three challenges:

• Deploy new IoT devices in Azure IoT hub in a batch
• Generate SAS tokens for these IoT devices
• Generate SAS tokens even if a device still exist in Azure IoT Hub

The requirement of batch processing avoid the use of the Device Explorer to generate SAS token.

More than two years ago, I created my PowerShell module to access OneDrive. This module can be installed with a one-liner from https://www.powershellgallery.com/packages/OneDrive

Again, I was asked to support OneDrive for Business and finally I’m ready: From version 2.0.0 OneDrive for Business is supported.

I provide the complete documentation on GitHub, where I will maintain it: https://github.com/MarcelMeurer/PowerShellGallery-OneDrive

Here is the summary of version 2.0.0:

———————————————-

The OneDrive PowerShell module is available via PowerShellGallery.com.

Recently I got some questions on how to work with my PowerShell module for OneDrive. Therefor, I put together some examples.

Remember: The OneDrive module is for OneDrive personal and doesn’t work with OneDrive business / Sharepoint.

First: Register an app (authentication) for OneDrive: https://www.sepago.de/blog/onedrive-powershell-module-new-version-with-improved-authentication/

Authenticate to OneDrive

Show files and folders

Create new folder in OneDrive

Copy files from local to OneDrive

Copy file from OneDrive to local disk

Delete file in OneDrive

Azure OMS Log Analytics is often used by Azure services. Unfortunately, Azure AD audits and sign-ins are not configurable for log analytics now (I bet this will change soon). But for now, we must work around to archive this.

My favorite way is:

Sending audit logs and sign-ins to event-hubs -> collecting event-hub data from Logic Apps -> transferring data to Log Analytics

Step-by-step
Creating an Event Hub namespace

Create a new event hub namespace in Azure with the Azure Portal.

Sharing access across different tenants in one of the key benefits of Azure AD. My customers appreciate that they can provide azure-based solution to their cooperated users and to guest users as well. Cooperated users include users from the group and subsidiaries. They all can access resources with one identity – on-premises and in the cloud (Same-sign-on, single-sign on).

Guest users can be deployed manually via the Azure portal, via PowerShell or with a connector to another system (like SAP HR).

Users can have different administrative roles in Azure Ad. Azure Portal can show these roles and members. Sometimes it can be favorable to get roles and members in a PowerShell object list.

To logon into your Azure AD tenant use:

Where xxx is your tenant id. The -TenantId is optional. But if your account member of different Azure ADs you can select the right one.

After login in with your credential you can show the different roles with:

Output:

Using PSCustomObject helps to build a list/array of custom objects to save all roles and users.

Azure is “my” cloud with a lot of platform services allowing user, programmers and DevOps building powerful and scalable solutions. One of my favorite ones is Azure OMS Log Analytics – a big data platform with a great query language and professional dashboards.

In the past I build a custom agent to collect data from Microsoft RDS and Citrix environment to provide a deep insight into the user experiences and resource usage http://loganalytics.sepago.com/.