Create a drive mapping using Intune on Azure AD joined devices (Manual)

With the transition to Azure AD, you might want to connect your AAD joined devices to the traditional file server, as explained in this article: Go Azure AD Joined with on-prem DC and fileserver. The next step is to map some network drives with Intune!

Step 1: The first step is to create a PowerShell script that will do the actual drive mappings. This script will be placed on Azure Blob storage (or your internal domain), where you will be able to manage and maintain it. It will be run by a second script that we will deploy with Intune. For your convenience I’ve already prepared the script:

Continue reading “Create a drive mapping using Intune on Azure AD joined devices (Manual)”

Bulk migrate to OneDrive from personal drive with SharePoint Migration Tool (Manual)

In this manual I will explain step by step how to migrate your users from their personal drive to OneDrive using bulk migration in the SharePoint Migration Tool. This includes preparing the users' OneDrive, granting permissions, and setting up the SharePoint Migration Tool.


Prerequisites

Before we begin, we will need a migration station; I would recommend using a server designed for this purpose. On the migration server, make sure you install the following:

Continue reading “Bulk migrate to OneDrive from personal drive with SharePoint Migration Tool (Manual)”

Disable Windows Firewall on a virtual machine from the Azure Portal

When you have accidentally locked yourself out of a virtual machine in Azure, there is no console access to log in and help yourself back into the system.


In the last year I’ve seen a few cases where somebody accidentally locked himself out of a VM by wrongly adjusting the Windows Firewall, making it impossible to manage their virtual machine in Azure. But with the Custom Script Extension it is possible to disable the Windows Firewall to gain access again!

Continue reading “Disable Windows Firewall on a virtual machine from the Azure Portal”

How to setup Azure Lighthouse (Manual)

Microsoft released Lighthouse last weekend, and since this is a great feature, I wanted to implement it as soon as possible. The Microsoft docs might be a bit confusing, so I wanted to simplify the manual. Here it is! We will be using PowerShell, as this makes life so much easier and faster.

Requirements:

  • Your admin tenant needs to have a valid Azure subscription
  • You need to have a native user account with the new Owner role in the tenant that you want to manage (Customer tenant)
  • Azure PowerShell module: AZ (Install-Module -Name az)
Continue reading “How to setup Azure Lighthouse (Manual)”

Sync existing office 365 tenant with local active directory

Recently we created an AAD tenant that has no on-premises AD domain counterpart.
Now we are facing an issue where we want to be able to use the identities in this tenant to log into some servers. It would appear that we would need to domain join these servers, but we can’t do this without AD. The question is, how can we continue to set up these servers?

If the servers are hosted on the Azure IaaS platform, you can choose to go ahead with Azure AD Domain Services, as I wrote before:
https://www.cordenboer.nl/2019/04/22/azure-ad-domain-services-an-option-or-not/

But today we are going to install a new on-premises domain. The domain name isn’t relevant for the sync with Azure AD / Office 365, but the UPN for the end users is important! So first we add the UPN domains: open the Active Directory Domains and Trusts console and add the required domain names.

Continue reading “Sync existing office 365 tenant with local active directory”

Azure AD exclude user from password expiration policy

Connect to Azure AD with PowerShell:

Connect-AzureAD

Now we would like to get an overview of all users, run the following command:

Get-AzureADUser -All $true

If you have the UserPrincipalName or email address, you can narrow the list to just that single user by adding a filter:

Get-AzureADUser -ObjectId <UserPrincipalName>

The next task is to assign this user the password policy that disables password expiration. Run the following command:

Set-AzureADUser -ObjectId <UserPrincipalName> -PasswordPolicies DisablePasswordExpiration

Once this has been completed, verify that the policy has been set correctly with the following command:

Get-AzureADUser -ObjectId <UserPrincipalName> | fl UserPrincipalName,PasswordPolicies
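
The steps above as one script, added here as an example and not part of the original post: it applies the setting to a list of accounts while keeping any policy value they already have, then lists every account in the tenant whose password never expires so the exemptions can be reviewed. It assumes the AzureAD module is installed and Connect-AzureAD has already been run; the function names and the UPNs are made up for illustration.

```powershell
# Added example. Assumes: AzureAD module installed, Connect-AzureAD already run.
# The UPNs below are constructed placeholders, not real accounts.
$exemptUpns = @('svc-backup@contoso.example', 'svc-scanner@contoso.example')

# Hypothetical helper: set DisablePasswordExpiration without dropping other policies.
function Set-PasswordNeverExpires {
    param([Parameter(Mandatory)][string[]]$UserPrincipalName)

    foreach ($upn in $UserPrincipalName) {
        try {
            $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop
        } catch {
            Write-Warning "User not found or not readable: $upn"
            continue
        }

        # PasswordPolicies is empty, 'None', or a comma-separated string
        # such as 'DisableStrongPassword'. Split it into a clean array.
        $current = @("$($user.PasswordPolicies)" -split ',' |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ -and $_ -ne 'None' })

        # Only write when needed, and append rather than overwrite.
        if ($current -notcontains 'DisablePasswordExpiration') {
            $new = ($current + 'DisablePasswordExpiration') -join ', '
            Set-AzureADUser -ObjectId $user.ObjectId -PasswordPolicies $new
        }

        # Read the object back to verify what is actually stored.
        Get-AzureADUser -ObjectId $user.ObjectId |
            Select-Object UserPrincipalName, PasswordPolicies
    }
}

# Hypothetical helper: audit every account that is exempt from expiration.
function Get-PasswordNeverExpiresUser {
    Get-AzureADUser -All $true |
        Where-Object { $_.PasswordPolicies -match 'DisablePasswordExpiration' } |
        Select-Object UserPrincipalName, AccountEnabled, PasswordPolicies
}

Set-PasswordNeverExpires -UserPrincipalName $exemptUpns
Get-PasswordNeverExpiresUser | Sort-Object UserPrincipalName | Format-Table -AutoSize
```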

Connect to Azure AD with PowerShell

On your Windows device, open a PowerShell prompt. To be able to connect, we first need to make sure that the PowerShell module has been installed. Run the following command and confirm all questions with yes:

Install-Module -Name AzureAD

Now we are ready to connect to Azure AD. Because of the different Office 365 clouds, it might be required to add the option -AzureEnvironmentName. Please review your environment below, by default you are hosted in Worldwide.

Office 365 cloud                    Command
Office 365 Worldwide (+GCC)         Connect-AzureAD
Office 365 operated by 21Vianet     Connect-AzureAD -AzureEnvironmentName AzureChinaCloud
Office 365 Germany                  Connect-AzureAD -AzureEnvironmentName AzureGermanyCloud
Office 365 U.S. Government          Connect-AzureAD -AzureEnvironmentName AzureUSGovernment

Run the command:

Connect-AzureAD

You will now be shown a sign-in prompt. After signing in, you are connected.
