Clatent

Technology | Fitness | Food

AD

If Maester couldn’t get any better…Custom Test Collection now available

by Leave a Comment

The time has finally come. I have created a public repository to store custom Maester tests for everyone. As well as a website for deeper understanding where needed. I haven’t seen anyone else do it yet, and worse case scenario, people can just use the ones that I create, but I envision others adding theirs to this too. Yes, you will have to create the function, test, and the markdown file (I and/or others can help), so that we can have a collection of tests that anyone can pick and choose which ones they want to add to their Maester and customize it to their needs. They don’t need to be 365 related either, as they could be checks for Windows 11 settings, server configs, or check that a certain OU should only has these mentioned users or computers and to make sure that doesn’t change.

This is still in its early stages and would love any feedback to make it better while still showing that it is a companion to Maester. I wanted to get the framework started to that we can start gaining the benefits from the repository while still making it easy to use.

I hope you are excited about this as I am, and we can create a large community collection of tests.

Please star and share the repo. Open issues for tests that you want to see and if you already have one or can make it, put that in the issue. Let’s make all our IT lives easier and safer.

Thank you for taking the time to read this and hope you find value in this and can share your knowledge as well.

Website: https://devclate.github.io/Custom-Maester-Tests/
GitHub: https://github.com/DevClate/Custom-Maester-Tests

I’m also working on a module for the Entra attribute fields that will fix any issues by either manually typing in the correct value or only allow company standard values.

Dec 23, 2024 – EntraFIDOFinder v0.0.14 is Out with New Features!

by Leave a Comment

It’s the second to last Monday of the year, so figured I’d release a new version of the EntraFIDOFinder before the end of the year. Here are the main additions.

New Features:

  • Using -AllProperties now gives you all of the basic information for the key(s), but also gives you all of the data from the FIDO Alliance as well
  • AAGUID can now be piped in, whether it is 1 key or 100 keys, it will take it
  • AAGUID can now be imported from a .CSV, .TXT, or .XLSX
  • Using -DetailedProperties you can now gain access to any of the regular or FIDO Alliance properties to create your output
  • Added a GitHub Action to directly copy the FIDO Alliance data and merge it into the JSON data and update where necessary
  • Web Version: You can click on a key and get more information, then there is a button inside it which will show you all of the data in JSON

I did some other cleanup and prepping for some future updates, but what do you think? Any other features we should add? Are there fields not in the standard that you think should be?

Here are a couple sample outputs:

"50a45b0c-80e7-f944-bf29-f552bfa2e048", "973446ca-e21c-9a9b-99f5-9b985a67af0f" | Find-FIDOKey

Vendor      : ACS
Description : ACS FIDO Authenticator
AAGUID      : 50a45b0c-80e7-f944-bf29-f552bfa2e048
Bio         : No
USB         : Yes
NFC         : No
BLE         : No
Version     : FIDO 2.1 PRE
ValidVendor : Yes

Vendor      : ACS
Description : ACS FIDO Authenticator Card
AAGUID      : 973446ca-e21c-9a9b-99f5-9b985a67af0f
Bio         : No
USB         : No
NFC         : Yes
BLE         : No
Version     : FIDO 2.1 PRE
ValidVendor : Yes

"50a45b0c-80e7-f944-bf29-f552bfa2e048" | Find-FIDOKey -AllProperties
{
  "Vendor": "ACS",
  "Description": "ACS FIDO Authenticator",
  "AAGUID": "50a45b0c-80e7-f944-bf29-f552bfa2e048",
  "Bio": "No",
  "USB": "Yes",
  "NFC": "No",
  "BLE": "No",
  "Version": "FIDO 2.1 PRE",
  "ValidVendor": "Yes",
  "metadataStatement": {
    "legalHeader": "Submission of this statement and retrieval and use of this statement indicates acceptance of the appropriate agreement located at <https://fidoalliance.org/metadata/metadata-legal-terms/.">,
    "aaguid": "50a45b0c-80e7-f944-bf29-f552bfa2e048",
    "description": "ACS FIDO Authenticator",
    "authenticatorVersion": 10000,
    "protocolFamily": "fido2",
    "schema": 3,
    "upv": [
      {
        "major": 1,
        "minor": 1
      },
      {
        "major": 1,
        "minor": 0
      }
    ], and more data below

Here is a screenshot of the web version:

Thank you for taking the time to read this and using EntraFIDOFinder. This started out as a quick side project that grew a lot faster than I thought it would. I’ve learned a lot building the backend to this and even some of the front end. I can’t believe it’s almost at 1.2k downloads! Thank you!

PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.14
GitHub: https://github.com/DevClate/EntraFIDOFinder
Web Version: https://devclate.github.io/EntraFIDOFinder/Explorer/

Hope you have a great day!

First Snowfall of the Season

by Leave a Comment

First snowfall in NY! Tell me about the first time PowerShell just clicked… what was that moment?

Mine was adding new users to AD(it’s usually AD or Exchange, right?) and remembering the standard fields needed to be filled out with their default values. Also when we had multiple new hires it was so time consuming clicking through the GUI. That’s when I learned how to create an AD user with a CSV. It was life changing and realized I needed to do more of this.

Now I have a module that is meant to create Microsoft 365 test environments but can be used in production to create users, groups, and much more from an excel file without even having excel on the computer! You can check out the module below.

We all start somewhere and love hearing that light bulb moment that triggers the snowball effect!

365AutomatedLab
Powershell Gallery: https://www.powershellgallery.com/packages/365AutomatedLab/2.11.0
GitHub: https://github.com/DevClate/365AutomatedLab

EntraFIDOFinder Update

by Leave a Comment

October 15, is less than a week away for the MFA requirement on certain 365 Apps. Please make sure you are all set by then. Make sure to go through all your accounts, especially those old ones that you rarely ever touch, and see if you still need it or what is the best way to protect it now. For some you will be able to delete and others you will need something such as a cert, FIDO2 key, or Windows Hello for Business. For those that will need a FIDO2 key, I’ve pulled from Microsoft Learn the current Attestation capable FIDO2 keys that are compatible with Entra. The database may say that it was last updated September 30, 2024, but I reviewed it today(Oct 9th) and the list still hasn’t changed. Once they do update it, I’ll update mine as well as show the changes.

With that said, I’ve now created a function called Show-FIDODbVersion that will show you what your current version is, and if you use Show-FIDODbVersion -NewestVersion, it will show you the newest version out. Would you rather me, show the difference as soon as you run Show-FIDODbVersion if there is or do you want them seperate?

Also working on automating the update process so that it can be checked daily with minimal intervention.

Are there any other features you’d like to see? I’m going to be adding at least vendor links and I’ve been trying to find pricing, but more than a handful of them do not even show pricing and not sure how valuable it will be if only a few of the vendors have pricing. How critical is cost to you?

I hope EntraFIDOFinder has been useful for you, and I can’t believe it has over 100 downloads already. I wasn’t even going to publish this, but figured there was someone else out there that didn’t want to just look at a static website and scroll through, so that is why I created the module and the interactive webpage.

PowerShell Gallery: EntraFIDOFinder
GitHub: EntraFIDOFinder
EntraFIDOFinder Explorer

Enjoy your day and get secure!

Getting Started with 365AutomatedLab Part 3

by Leave a Comment

Adding/Removing a User from Groups by User Role

I have to say that this function is one of my favorites. The reason why is how many companies can use only dynamic groups for adding users to their required groups? Using this function, you can create any job role name, then add the groups that job role requires. If you need help mass created groups check out Creating Groups with Excel. It can become the source of truth for standard groups per job role so you are only updating one location. Please test on your dev tenant first, but with most of the other cmdlets in this module they can be used in production, after proper testing.

Adding a User to Groups by User Role

The quickest way to add groups to a user is to use the 365DataEnvironment Excel file in the LabSources folder. I’ll show you that now, and how to customize it for your environment.

New-CT365GroupByUserRole -FilePath "C:\\365AutomatedLab\\LabSources\\365DataEnvironment.xlsx" -UserEmail mwhite@yourdomain.onmicrosoft.com -Domain yourdomain.onmicrosoft.com -UserRole NY-IT

This one line of PowerShell will add Mary White to all the groups associated with the user role “NY-IT,” which are “IT 365 Group, IT, IT NY, Printer – NY – 1, and Printer – NY – 2.”

FilePath: Is the location of the Excel workbook

UserEmail: The full email of the user you want to add groups to

Domain: The domain of your tenant

UserRole: This be the name of the worksheet for that user role.

If you want to create your own user roles, all you have to do is create a new worksheet and label it with the user role you want. Then you will need 4 columns which will be “DisplayName, PrimarySMTP, Description, and Type.” For type, the 4 different options are “365Group, 365MailEnabledSecurity, 365Distribution, and 365Security” depending on which groups you want to add them to. See image below for the template:

You can create as many user roles as you want. I used NY-IT naming convention as an example, but you can use whichever you want, as I know there are too many variations on how companies handle this and didn’t want to do a validateset on it.

That’s it, that is how you create the different job roles then how you add those groups to a user!

Removing a User from Groups by Job Role

I have a feeling after reading how to add, you already know how to remove groups from a user.

Remove-CT365GroupByUserRole -FilePath "C:\\365AutomatedLab\\LabSources\\365DataEnvironment.xlsx" -UserEmail mwhite@yourdomain.onmicrosoft.com -Domain yourdomain.onmicrosoft.com -UserRole NY-IT

Was I right? I really try to make these as simple as possible as I know we all are busy enough, and don’t want to make your life any busier.

Summary

You made it! Now you can easily add and remove user groups by job role with an Excel workbook. I know this is in 365AutomatedLab, but once you have tested, you could use this in production as it is great for onboarding and offboarding users.

As always please feel free to reach out if you have any questions, comments, concerns on this project or any others! If you can please star the GitHub repository as it will help others see it. Have a great day!

GitHub: https://github.com/DevClate/365AutomatedLab

Part 1 – Creating Users with Excel

Part 2 – Creating Groups with Excel

Module Monday July 31, 2023

by Leave a Comment

Well, here it is!  Module Monday, but this one is a module I’ve been working on for a bit and figured it’s time to put it out to the community for others to enjoy and improve. Have you had to test PowerShell scripts on your 365 tenant and really didn’t want to use your production environment, but wanted to keep the close as possible for testing accuracy? Then you’ll want 365AutomatedLab in your tool chest. It can also be used to add multiple users to an environment from an excel sheet or add multiple groups to a user per their title from an excel sheet. Hope you check it out and leave some feedback! So much I want to do with it and super excited about this project that I feel can help so many!

I’ll be doing some blog posts and video tutorials in the near future. Any preferences?

Thanks to Andrew Pla for the extra push 😆

https://github.com/DevClate/365AutomatedLab