Automation & Control
74 Topics

What service principal is used to authenticate Logic Apps to Azure resources?
This question is a bit more academic than practical, but I'm just trying to enhance my knowledge of how Azure authentication works under the hood. The default way to authenticate managed Logic Apps connections is through an OAuth popup asking you to grant permissions. Based on my reading of the Azure docs, this means that you're granting access to the delegated permissions of a service principal. For connectors that access the Graph API, such a service principal in your tenant with the correct delegated permissions:

However, I'm struggling to find an equivalent service principal for connectors that use the Azure Resource Management API to interact with services like Log Analytics, Sentinel, Logic Apps, etc. I do see a service principal called Azure Logic Apps, but it doesn't have any permissions associated with it. My understanding is that it would need to have the delegated permission user_impersonation to access Azure resources:

So my questions here are:
What Service Principal is used for the OAuth connection to the Azure Resource Management API?
If the Azure Logic Apps service principal is used, how is it able to connect to the ARM API without any permissions? Is there some Azure magic happening under the hood here?

144 Views, 0 likes, 5 Comments

Run Logic app if new virtual machine is created
Hello, I'm building a logic app that gets triggered on resource creation events by connecting it to Event Grid. My goal is only to run this if a new VM is created; however, the logic app gets executed on every create success event. I noticed that whenever there is a deletion or creation of a VM, the logic app gets triggered. Even in the event payload there is no difference between create and delete VM. How can I limit the call of the logic app to only when a new VM is created?

168 Views, 0 likes, 1 Comment

Adding users to an AD group with Azure Functions/Logic Apps
I want to add users to an Entra ID/Azure AD group. The list of users will be retrieved from a REST API call with Azure Functions, and then saved into a database, probably Azure SQL. I'm planning on then using Azure Logic Apps to connect the database to the AD group. How can I make the script run every time the REST API changes? Can I add users to the AD group from SQL? Is there a better way to go about this?

347 Views, 0 likes, 5 Comments

Former Employer Abuse
My former employer, Albert Williams, president of American Security Force Inc., keeps adding my Outlook accounts, computers and mobile devices to the company's Azure cloud even though I left the company more than a year ago. What can I do to remove myself from his grip? Does Microsoft have a solution against abusive employers?

43 Views, 0 likes, 0 Comments

Creating Logic App to Identify Low Storage Devices from Intune
Hello everyone, I’m seeking some assistance with creating a Logic App. I need to identify devices in Intune that have 5GB or less of available space and receive an email with the details of these devices, including their names. Is this achievable?

515 Views, 0 likes, 3 Comments

Guide: How to Connect ServiceNow to Azure DevOps with a Fully Configurable, No-Code, 2-Way Sync
Let's talk about integrations. You need them because your business runs on too many different software systems that don't communicate with each other, so people end up working in data silos without a reliable source of truth. So each department ends up dealing with incomplete data or relying on inefficient and unreliable manual data transfer processes.

So what are your options? Integrations break data silos, increase the capabilities of the entire software stack, improve overall efficiency, and provide you with real-time visibility and alignment. However, integration requests are overflowing the backlogs of every IT department. Does that sound right? If not, let me know in the comments. Integration solutions today are either too basic, or excessively complicated, forcing you to default to a complex and costly solution provided by external consultants or you get to DIY like building an IKEA bedroom set without instructions.

Unito is a Microsoft partner with a new integration for ServiceNow to Azure DevOps. What makes it different? It was designed with 2-way sync from the start in the form of a no-code platform that's still fully configurable. So you get 50+ powerful integrations right out of the box, and the ability to deeply customize and adapt them without writing or maintaining code. But you can if you want to. So anyone can sync records in ServiceNow to Azure DevOps work items with real-time 2-way updates between fields.

How does it work? Users create low-code 2-way integrations called "flows". The flow represents the connection between ServiceNow and Azure DevOps. You start by selecting a table in ServiceNow and a project in ADO. Then, you choose a flow direction for item creation. Do you want manually created records to automatically add work items in ADO; vice versa; or both? Next, you set rules with an "if this, then that" logic to filter out unrelated records or work items.
Typically you would add tags in ADO and only sync work items with those tags, but you can also filter by custom fields or any other native field. Finally, you set up a table of field mappings populated with drop-down menus that include data pulled from ServiceNow and ADO:

Here's a longer guide to connecting Azure DevOps projects to ServiceNow tables. Let me know if you have any questions or comments!

1.4K Views, 0 likes, 0 Comments

Azure Automation hybrid worker platform best practice
Hi,

We're moving services around and checking that some of your architecture is according to best practices. What are the recommendations on where to install the Azure Automation hybrid worker? Can we install it on an AD server? AD Sync Server? Dedicated server?

Kind Regards

410 Views, 0 likes, 2 Comments

Error Running Script in Runbook with System Assigned Managed Identity
Hello everyone, I could use some assistance, please. I'm encountering an error when trying to run a script within a runbook. I'm using PowerShell 5.1 with a system-assigned managed identity. The script works fine without using the managed identity via PowerShell outside of Azure.

Error:

    System.Management.Automation.ParameterBindingException: Cannot process command because of one or more missing mandatory parameters: Credential.
       at System.Management.Automation.CmdletParameterBinderController.PromptForMissingMandatoryParameters(Collection1 fieldDescriptionList, Collection1 missingMandatoryParameters)
       at System.Management.Automation.CmdletParameterBinderController.HandleUnboundMandatoryParameters

I am using this script:

    Connect-ExchangeOnline -ManagedIdentity -Organization domain removed for privacy reasons

    # Specify the user's mailbox identity
    $mailboxIdentity = "email address removed for privacy reasons"

    # Get mailbox configuration and statistics for the specified mailbox
    $mailboxConfig = Get-Mailbox -Identity $mailboxIdentity
    $mailboxStats = Get-MailboxStatistics -Identity $mailboxIdentity

    # Check if TotalItemSize and ProhibitSendQuota are not null and extract the sizes
    if ($mailboxStats.TotalItemSize -and $mailboxConfig.ProhibitSendQuota) {
        $totalSizeBytes = $mailboxStats.TotalItemSize.Value.ToString().Split("(")[1].Split(" ")[0].Replace(",", "") -as [double]
        $prohibitQuotaBytes = $mailboxConfig.ProhibitSendQuota.ToString().Split("(")[1].Split(" ")[0].Replace(",", "") -as [double]

        # Convert sizes from bytes to gigabytes
        $totalMailboxSize = $totalSizeBytes / 1GB
        $mailboxWarningQuota = $prohibitQuotaBytes / 1GB

        # Check if the mailbox size exceeds 90% of the warning quota
        if ($totalMailboxSize -ge ($mailboxWarningQuota * 0.0)) {
            # Send an email notification
            $emailBody = "The mailbox $($mailboxIdentity) has reached $($totalMailboxSize) GB, which exceeds 90% of the warning quota."
            Send-MailMessage -To "email address removed for privacy reasons" -From "email address removed for privacy reasons" -Subject "Mailbox Size Warning" -Body $emailBody -SmtpServer "smtp.office365.com" -Port 587 -UseSsl -Credential (Get-Credential)
        }
    } else {
        Write-Host "The required values(TotalItemSize or ProhibitSendQuota) are not available."
    }

467 Views, 0 likes, 0 Comments

Need help with Azure VM reboot which checks users logged in.
Hi guys, I have been looking for methods to restart AVD using runbooks and automation. I have info on how to restart VMs, but I want to restart the VMs such that it checks if any users are logged in, and if the users are logged in, it won't restart. This is the script that I found to restart from LinkedIn: https://www.linkedin.com/pulse/scheduling-reboot-azure-virtual-machines-using-automation-rabea/

    workflow demo {
        InlineScript {
            Connect-AzAccount -Identity
            Restart-AzVM -ResourceGroupName "Resource Group name" -Name "VM1 name"
            Restart-AzVM -ResourceGroupName "Resource Group name" -Name "VM2 name"
            Restart-AzVM -ResourceGroupName "Resource Group name" -Name "VM3 name"
        }
    }

840 Views, 0 likes, 4 Comments

Join us tomorrow for the Copilot for Microsoft 365 Tech Accelerator
Are you ready to level up your Microsoft 365 skills? Don't miss out on the Copilot for Microsoft 365 Tech Accelerator event happening tomorrow! This two-day event is packed with insightful sessions, live Q&A with Microsoft experts, and deep dives into Copilot for Microsoft 365. Join us as we explore how Copilot works, discuss strategies to prepare your organization, and learn tips and tricks for driving usage and satisfaction. Whether you're an IT pro or a small business owner, this event has something for you! To secure your spot, RSVP today by visiting the event page. Don't miss this opportunity to gain new knowledge and maximize the impact of Copilot for your organization. We look forward to seeing you there!

223 Views, 0 likes, 0 Comments