Category: Microsoft
Both my Email accounts have been hacked
Hi,
Recently both of my emails have been compromised by someone in a different country. They got past my 2F authentication (I wasn’t using an Authenticator, though I will be from now on) and removed security from my account after getting in.
I can’t access either anymore as they’ve changed the passwords and the recovery email to their own. I did manage to get my account back briefly using security questions and proving I own it, but the accounts’ passwords and security were changed again within 15 minutes of me getting it back.
The main reason I’m putting this in here is because I can’t seem to find any way of contacting Microsoft or the Outlook team to help with this issue, as they require you to sign in but I can’t.
Is there a number or email I can contact to help me block this person and get my accounts back?
Repeat a cell value each month
I’m trying to build a budget ongoing cash flow, so I have an amount going out each month on a particular day. I would like to put in the amount and for that to repeat on the 3rd of each month.
My cells on the left have Provider-Amount-repeat day. Across the top I have the date.
Any help would be appreciated.
06/08/2024 07/08/2024 Day in Month Tuesday Balance -£4.79 ü Gym £10.00 3
Unable to update Windows 10
I am unable to update Windows 10 and was trying to increase the size of my partition. I really don’t know what I’m talking about, but I have lost 3 remote jobs in the last month and a half because I’m unable to keep Windows updated with KB5034441 & KB5001716. Can someone please help? I’m about to lose job #4 if I can’t get this fixed.
Azure Specialization Query
Hello,
We are a solutions partner that is looking at obtaining a couple of advanced specializations in the Azure tracks. I have a couple of queries that I think are unclear from the checklists:
In the case of required evidence from customer projects for the various controls in the audit checklist, is it acceptable to have evidence from multiple customers for the various controls? Or do we need to satisfy the requirements across all controls for the same set of customers?
Believe that customer projects cited across Module A and B can be different. Pls confirm my understanding.
Is there a standard template available from/recommended by MSFT that is available for documentary evidence? Asking this for assets like Project Plan, Functional Specifications, Solution Design Documents, Architectural Diagram etc.
Also are all of these required evidences mandatory for fulfilling the requirement of each control? Or do we provide some of them?
I know this post is long, but any direction/guidance here would be sincerely appreciated.
Thx!
Threat Monitoring for GitHub Connector broken – 403 error
Hello,
I can deploy successfully the connector and all the other components, but when I put the Org name and the API key I get this error:
The permission in Github is the one requested and I even added +80 Azure IPs to our allowlist.
Still get the same error.
Appreciate any help.
“Microsoft 365 Backup – Commvault” 🎙 – The Intrazone podcast
You need reliable backup and restore of your data, within hours – not weeks or months. Microsoft 365 Backup is your in-place solution for lightning-fast restorability, ensuring business continuity. We appreciate the value our partner ecosystem brings to extend our core offering.
On this episode, guest host Brad Gussin (Principal PM Manager on the SharePoint team) and I provide an overview of the core Microsoft offering. You’ll then hear Brad (Microsoft) interview our valued partner, Brad Kirby (Senior Director of Product Management at Commvault), about their integration of Commvault Cloud with our Microsoft 365 Backup storage platform – extending data recoverability and searchability.
OK, this episode is all backed up and ready to restore your backup and recovery knowledge base.
The Intrazone, episode 112:
Subscribe to The Intrazone podcast + show links and more below.
Links to important on-demand recordings and articles mentioned in this episode:
Hosts, guests, and related links and information
Brad Kirby (Commvault) | LinkedIn | @Commvault [guest]
Brad Gussin | LinkedIn [guest co-host]
SharePoint | Facebook | @SharePoint | SharePoint community blog | Feedback
Mark Kashman | @mkashman [co-host]
Related videos, common admin articles and sites
“Microsoft Announces General Availability of Microsoft 365 Backup and Microsoft 365 Backup Storage” by Zach Rosenfield [July 31, 2024]
Learn more about Commvault’s Microsoft 365 Backup solution
Learn more about Microsoft 365 Backup (adoption.microsoft.com)
Watch “The Ins and Outs of Microsoft 365 Backup & Archive“
Microsoft Docs – The home for Microsoft documentation for end users, developers, and IT professionals.
Microsoft Tech Community Home
Stay on top of Office 365 changes
Listen to other Microsoft podcasts
Upcoming Events
TechCon365 – DC | Washington DC | Aug. 12-16, 2024
CollabDays Hamburg | August 31, 2024 – Hamburg, Germany
Microsoft Power Platform Conference | September 18-20 – Las Vegas, NV, USA
CollabDays Portugal Porto 2024 (previously CollabDays Lisbon)| Sept. 21 Venue: Instituto Superior de Engenharia do Porto
CollabDays New England | October 18-19, 2024 – Burlington, Massachusetts, USA
TechCon365 – Dallas | Nov. 11-15, 2024 | Dallas, TX, USA
Microsoft Ignite (+ more info) | Nov 18-22, 2024, “Save the date,” Chicago, IL
ESPC | European SharePoint Conference | Dec 2-5, 2024 | Stockholm, Sweden
+ always review and share the CommunityDays.org website to find your next event.
Subscribe today!
Thanks for listening! If you like what you hear, we’d love for you to Subscribe, Rate and Review on iTunes or wherever you get your podcasts.
Be sure to visit our show page to hear all episodes, access the show notes, and get bonus content. And stay connected to the SharePoint community blog, where we’ll share more information per episode, guest insights, and take any questions or suggestions from our listeners and SharePoint users via email at TheIntrazone@microsoft.com.
Get The Intrazone anywhere and everywhere
Listen to other Microsoft podcasts at aka.ms/microsoft/podcasts.
Announcing General Availability of Workspaces in Azure API Management
We are excited to announce the general availability of workspaces in Azure API Management! Workspaces enable organizations to manage APIs more productively, securely, and reliably using a federated approach.
Enhanced Autonomy and Productivity
Workspaces bring a new level of autonomy to API teams, enabling them to create, manage, and publish APIs faster, more reliably, securely, and productively within an API Management service. By providing isolated administrative access and API runtime, workspaces empower API teams, while allowing the API platform team to retain oversight with central monitoring, enforcement of API policies and compliance, and publishing APIs for discovery through a unified developer portal.
Isolated Administrative Access and API Runtime
Workspaces function like “folders” within an API Management service. Each workspace contains APIs, products, subscriptions, named values, and related resources. Access to resources within a workspace is managed through Azure’s role-based access control (RBAC) with built-in or custom roles assignable to Microsoft Entra accounts.
Workspaces now offer API runtime isolation through association with a workspace API gateway, allowing teams to manage gateways and their configurations. Segregated runtimes ensure that faults, such as gateway resource starvation or cybersecurity incidents, are contained within individual workspaces, preventing them from affecting all of the organization’s APIs. Runtime isolation also enables attribution of issues and platform usage to a workspace.
Learn how to create a workspace in API Management.
Independent Deployment Lifecycles
Each workspace typically follows its own deployment lifecycle. The APIOps toolkit release 6.0.2 introduces support for automated deployment of workspaces across API Management services representing different environments. Additionally, the management API version 2023-09-01-preview enables programmatic management of workspaces.
Federated API Management with Workspaces
Workspaces bring first-class support for a federated model of managing APIs in Azure API Management, complementing the existing centralized and siloed models.
Centralized Model
In the centralized model, organizations use a single API Management service shared among multiple API teams without isolating administrative access or API runtime. While this setup simplifies API governance and discovery, it can cause the platform team to become a bottleneck as more API teams are onboarded. Additionally, runtime issues or misconfigurations can lead to platform-wide outages, with the API gateway being a single point of failure.
Siloed Model
In the siloed API management model, each API team owns and operates its own API Management service. While this approach provides full isolation of administrative access and API runtime missing in the centralized model, it leads to internal proliferation of services, making infrastructure maintenance challenging, increasing costs, and resulting in fragmented and ineffective API governance and discovery.
Federated Model with Workspaces
Workspaces enable organizations to adopt a federated approach to API management, combining the benefits of both centralized and siloed models. Workspaces allow API teams to independently, effectively, and efficiently manage APIs throughout their lifecycle, while platform teams can enforce runtime policies for APIs across workspaces, centralize platform logs and metrics (coming soon), implement chargeback by attributing gateway costs to teams in the organization, and facilitate API discovery and onboarding through a unified developer portal.
Upcoming Improvements
With their general availability, workspaces serve as an excellent tool for federating API management in organizations where teams need or benefit from full API runtime isolation. We are actively working on new features and improvements to workspaces:
Shared gateways: Optimize platform costs by associating multiple workspaces with a shared gateway, if complete runtime isolation between workspaces isn’t required
Managed identity support: Authenticate with user-assigned managed identity within workspaces
Regional availability: Use workspaces in API Management services in more regions
Faster provisioning: Create workspace gateways in minutes
Enhanced monitoring: Complement Application Insights telemetry with Azure Monitor logs and metrics
Get Started Today
By isolating administrative access and API runtime for API teams and centralizing API governance and discovery, workspaces increase productivity and improve the reliability and security of APIs managed with API Management. Learn how to get started with workspaces.
Migrating from Preview to Generally Available Workspaces
As part of the general availability of workspaces, we are discontinuing support for preview workspaces in API Management. To continue using workspaces created during the preview, you need to make the following changes:
Associate workspaces with a workspace gateway: Each workspace must be associated with a workspace gateway that isolates the workspace’s runtime traffic, enhancing API reliability, resiliency, and observability. In preview, workspaces shared a gateway with the service.
Remove workspaces’ dependency on service-level managed identity: Service-level managed identity can no longer be used in workspaces, as it may compromise the platform’s reliability and security. We are working on enabling managed identity support within workspaces.
Workspaces without a workspace gateway or relying on service-level managed identity will stop working after March 31, 2025. Learn more about these changes and how to migrate your preview workspaces. If you need to associate multiple workspaces with a shared gateway to migrate to the general availability version of workspaces, this feature will be available before the changes take effect.
Explore the power of workspaces and take your API management to the next level today!
Enhancing Security and Control: Bring Your Own NSG to Microsoft Azure Red Hat OpenShift Clusters
Microsoft Azure Red Hat OpenShift (ARO) has taken a significant step forward in empowering organizations with greater control over their cluster security. The “bring your own” Network Security Group (NSG) feature offers a flexible approach to managing network security for ARO clusters. Let us explore this feature and see how it can benefit your organization.
What is an NSG?
Network Security Groups (NSGs) are crucial for maintaining robust security and efficient traffic management within cloud environments. They provide essential control over network traffic by defining rules that determine which IP addresses, ports, and protocols are allowed or denied, thereby safeguarding resources from unauthorized access and cyber threats. By segmenting security policies according to specific network segments or resources, NSGs enable tailored and precise protection, ensuring sensitive data and systems are shielded while allowing necessary traffic to flow seamlessly. Additionally, NSGs support compliance with regulatory standards by enforcing strict access controls and facilitating effective monitoring and auditing of network activity. Overall, NSGs play a vital role in securing cloud infrastructure, making network management more streamlined and responsive to evolving security needs.
Understanding the NSG Challenge
Traditionally, when creating an ARO cluster, the ARO Resource Provider (RP) would generate a dedicated resource group containing cluster-specific resources, including Network Security Groups (NSGs).
While this approach ensured a baseline level of security, organizations often sought more flexibility and control over their network security configurations. The new “bring your own” Network Security Group (NSG) feature addresses these needs by offering:
Enhanced Control: Customers can now configure NSGs to meet their specific security requirements.
Organizational Alignment: The ability to customize NSGs allows for better alignment between security, networking, and cluster operations teams.
Improved Compliance: Organizations can now more easily implement specific network rules to meet strict security policies and regulatory requirements.
Flexibility for Networking Teams: Network administrators can implement their own rules and adapt the NSGs to fit within broader network security strategies.
Customized Approach: The new feature accounts for the diverse security needs of different industries and organizational structures.
These enhancements provide customers with greater control over their network security in ARO environments. Organizations needed a way to maintain the benefits of a fully managed OpenShift service while still having the flexibility to implement their own security policies and network rules.
The “Bring Your Own NSG” Solution
In response to these customer demands, ARO now offers the ability to attach your own preconfigured NSG to the ARO cluster subnets. This NSG resides in your base or VNET resource group, giving you full control over its rules throughout the cluster’s lifecycle.
Key Benefits:
Customization: Tailor your network security rules to match your organization’s specific requirements.
Flexibility: Add or remove rules as needed, even after the cluster is created.
Compliance: Ensure your ARO clusters align with your company’s security policies and regulatory requirements.
Use Case: Financial Services Company
Let us consider a financial services company, FinSecure, that wants to deploy an ARO cluster for their trading platform. They have strict security policies that require:
Limiting API (Application Programming Interface) server access to specific IP ranges
Controlling inbound traffic to their OpenShift router
Implementing custom rules for their Kubernetes services
Implementation:
Create a VNET with master and worker subnets.
Create rule-specific preconfigured NSGs and attach them to the subnets. See the documentation for the rule requirements for your preconfigured NSG.
Deploy the ARO cluster using the new feature:
Update the NSGs with FinSecure’s custom rules:
– Allow inbound traffic to port 6443 only from FinSecure’s office IP range
– Restrict access to ports 80 and 443 on the OpenShift router
– Implement specific rules for their Kubernetes services
By leveraging this new feature, FinSecure can maintain a robust security posture while enjoying the benefits of Azure Red Hat OpenShift.
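Because rules on a customer-owned NSG can be added or removed throughout the cluster's lifecycle, a requirement such as "port 6443 only from the office range" is worth re-checking against the exported rule set. The following is an added example, not code from the original post or the ARO documentation: it evaluates rules the way NSGs do (lowest priority number first, first match wins) and reports Allow rules that expose the API server port more widely than intended. The rule names, the 203.0.113.0/24 "office" range and the JSON field names (assumed to follow `az network nsg rule list -o json` output) are constructed for illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample: rules shaped like `az network nsg rule list -o json` output
# (field names assumed). 203.0.113.0/24 stands in for FinSecure's office range.
RULES = [
    {"name": "allow-api-office", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "6443"},
    {"name": "allow-router-web", "priority": 110, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefixes": ["203.0.113.0/24", "198.51.100.0/24"],
     "destinationPortRanges": ["80", "443"]},
    # Drift: a broad rule added later whose port range happens to span 6443.
    {"name": "temp-debug", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationPortRange": "6000-7000"},
    # Intended backstop, but it is evaluated after temp-debug.
    {"name": "deny-api-other", "priority": 300, "direction": "Inbound",
     "access": "Deny", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "6443"},
]


def _values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals


def _sources(rule):
    """Source prefixes as networks; None marks a service tag we cannot resolve offline."""
    nets = []
    for prefix in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"):
        if prefix in ("*", "Internet"):
            nets.append(ANY)  # conservative: treat as any IPv4 source
            continue
        try:
            nets.append(ipaddress.ip_network(prefix, strict=False))
        except ValueError:
            nets.append(None)
    return nets


def _covers_port(rule, port):
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if rng == "*":
            return True
        low, _, high = rng.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def inbound_tcp_rules(rules, port):
    """Inbound rules that apply to TCP/<port>, in evaluation order."""
    hits = [r for r in rules
            if r["direction"].lower() == "inbound"
            and r["protocol"].lower() in ("*", "tcp")
            and _covers_port(r, port)]
    return sorted(hits, key=lambda r: r["priority"])


def decide(rules, src_ip, port):
    """First matching rule wins. Custom rules only: src_ip is assumed to be outside
    the VNet, so the platform default that applies is DenyAllInBound."""
    ip = ipaddress.ip_address(src_ip)
    for rule in inbound_tcp_rules(rules, port):
        if any(n is not None and ip in n for n in _sources(rule)):
            return rule["access"], rule["name"]
    return "Deny", "DenyAllInBound (default)"


def overbroad_allows(rules, port, allowed_cidrs):
    """Allow rules on TCP/<port> whose source is wider than allowed_cidrs and is not
    fully covered by a higher-priority Deny. Partial coverage is still reported."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    denied, findings = [], []

    def inside(net, pool):
        return any(net.version == p.version and net.subnet_of(p) for p in pool)

    for rule in inbound_tcp_rules(rules, port):
        for net in _sources(rule):
            if rule["access"].lower() == "deny":
                if net is not None:
                    denied.append(net)
            elif net is None:
                findings.append((rule["name"], "unresolved service tag"))
            elif not inside(net, allowed) and not inside(net, denied):
                findings.append((rule["name"], str(net)))
    return findings


if __name__ == "__main__":
    print(decide(RULES, "192.0.2.55", 6443))
    print(overbroad_allows(RULES, 6443, ["203.0.113.0/24"]))
```

In the sample, the priority-300 deny never takes effect for port 6443 because the broader priority-200 allow matches first; removing that rule restores the intended behaviour.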
Considerations and Limitations
While this feature offers great flexibility, it is important to note a few key points:
– NSGs must be attached to both master and worker subnets before cluster creation.
– The feature can only be enabled during cluster creation, not for existing clusters.
– Manual updates to NSG rules are required when creating new Kubernetes LoadBalancer services or OpenShift routes.
– Certain rules must be added to ensure the service can run its operations. Please see the documentation for these rules.
Conclusion
The “bring your own NSG” feature for Azure Red Hat OpenShift clusters represents a significant step forward in cloud-native security customization. By offering greater control over network security, Microsoft and Red Hat are empowering organizations to confidently deploy and manage OpenShift clusters in Azure while adhering to their unique security requirements.
As you explore this capability, remember to carefully plan your NSG rules and keep them updated as your cluster evolves. With the right approach, you can create a secure, compliant, and flexible OpenShift environment in Azure that meets your organization’s specific needs.
Availability and Getting Started
ARO customers can start using this feature immediately when creating new clusters. To enable the feature, simply use the --enable-preconfigured-nsg flag when creating a new ARO cluster using the Azure CLI (command-line interface), as demonstrated in the use case above. This feature is available for all ARO clusters running OpenShift version 4.12 and onwards.
New customers can get started by following these steps:
Set up an Azure subscription if you do not already have one.
Install the Azure CLI and log in to your account.
Create a resource group, VNET, and subnets for your ARO cluster.
Create and configure your custom NSGs.
Use the az aro create command with the --enable-preconfigured-nsg flag to create your cluster.
For more detailed information and best practices, visit the official Azure Red Hat OpenShift documentation at https://docs.microsoft.com/en-us/azure/openshift/ and the Red Hat OpenShift documentation at https://docs.openshift.com/.
For technical support and troubleshooting, please refer to the Azure support channels or contact Red Hat support if you have an OpenShift subscription.
Resources:
Getting started with ARO:
OpenShift vs Kubernetes: What’s the Difference?
eBook, Getting started with Azure Red Hat OpenShift
Azure Red Hat OpenShift Workshop
Group with devices of users, who are part of another group
Hello,
I have Group “A” with some users. If a user that is in group “A” logs into a device, this device should automatically become a member of group “B”. Is this possible?
Peter
Something went Wrong error | Permissions Nightmare | List Filter
I’m a Digital Transformation Analyst working on a SharePoint list that’s subject to bank compliance requirements. We need to be able to view the form and export multiple/all results into a spreadsheet format, while also allowing the submitting user and Compliance to view responses.
I’ve set up a filter on the list to only show items created by the current user ([Me]). However, when end users with edit permissions click on the Power Automate link, they’re getting a “something went wrong” error.
I’m wondering if the filter is causing this issue and if there are alternative approaches to meet the compliance requirements. Any insights or suggestions would be greatly appreciated!
I’ve spent days running against this error and if someone could give me insight or a potential solution I would greatly appreciate it! Yoshi556
MS Project does not produce the correct end dates on 5 tasks
I have 5 separate tasks which all have the same start dates, same predecessor, same duration and all are 0%, with no Constraint dates with 5 different end dates.
Access EntraID-joined Windows Server SMB share as “SYSTEM” from Windows365
Hello,
Is it somehow possible for a Windows365 machine to reach an SMB share (configured with Authenticated Users Read on Share+NTFS) on an EntraID-joined Windows Server as the machine itself (SYSTEM)? Specifically, there is a scheduled task that runs as SYSTEM on the Windows365 machine that should update a software from the share.
The users themselves access the share without problems with their EntraID identity.
Traditionally in an AD environment this was possible, as long as the share allows the Computer Objects to access it (Domain Computers, Authenticated Users), like it is always configured on netlogon/sysvol for the computer GPOs to be applied.
Why are some comments in my yml pipeline code not green
Some of the comments in my yml / powershell aren’t green but they still act like comments. Minor OCD weirdness and just wondering if anyone else sees this too?
How to show blank cell, with an existing formula, when no data is available, yet
How can I get my cells to show blank, with an existing formula, until data in other cells is entered?
This is my current formula: =0.1*INT((5+(MOD(E3-D3,6)=0)+TEXT(E3-D3,"[m]"))/6)
– I need to update it so that when the cells it pulls from are empty, the formula doesn’t populate. Currently, when no data is entered in the cells the formula pulls from, it default-populates to 0.10.
Any help is appreciated, thank you!
Windows AD, Azure AD
Hello everyone
I connected with Windows AD and Azure AD.
When I create a Windows Account in Windows AD, it is also created in Azure AD.
However, when you join a domain with Azure AD on your PC, you can register a device only with Azure AD, and you can’t register a device with Windows AD.
The user account is synced, but I think the device is not syncing.
I’ve tried various settings through search, like GPO, device options… but they’re still not working.
How can I sync my device?
I’d like to ask for your help.
MID Function Help
Hello, I am trying to use the MID function for returning a 4 digit number from a text string, but it isn’t always 4 digits. How do I avoid the return result to be 9340 (when it’s actually 934) or 0004 (just return a 4), and lastly, if all 0000, just return a blank cell?
Examples:
1. 7000000001003313150000000000010000000000934000000000
2. 7000000001003313150000000000010000000000004000000000
3. 7000000001003313150000000000010000000000000000000000
Results I would like is
1. 934
2. 4
3. Blank cell
Power BI Data Analyst Associate
Good evening,
In 2020, I obtained the certification “Analyzing and Visualizing Data with Microsoft Power BI.” I would like to know if it corresponds to the PL300 – PowerBI Data Analyst Associate certification today.
If so, is it possible to get an updated badge?
Thank you.
Azure Role Assignments Audit Report
Overview:
Azure administrators often face challenges when tracking multiple Azure role assignments and removals. At present, Azure provides Activity Logs, but they are hard to read for non-tech-savvy stakeholders. For example, a log entry includes the Role Id and Principal Id but not the role name or principal name, which would make the report more readable. To ensure proper tracking and accountability, we need a comprehensive report that includes the following details:
Initiator and Timestamp
User/Group/Principal assigned/removed
Role assigned/removed
Scope of the Attempt
Pre-Requisites:
Export subscription-level Activity Logs to a Log Analytics workspace. To do this, navigate to Subscription > Activity log > Export Activity Log > Add Diagnostic Setting.
Add a diagnostic setting to export Administrative logs to a Log Analytics workspace of your choice and hit the Save button:
Navigate to the workspace and retrieve the Workspace ID from the Overview section; we’ll require this in our script.
Solution:
We have created a solution that retrieves and refines information from the Activity Logs stored in the Log Analytics workspace and creates a readable CSV report.
Sample Output:
PowerShell Script:
Please replace with the appropriate workspace ID (lines 32, 33) and output CSV file path (lines 57, 78). You can provide the same values for both at multiple places. Based on the requirement and Log Analytics retention, the number of days can also be edited (lines 6, 20).
#Login Azure Account
Add-AzAccount

#Log Analytics query for retrieving Role Assignment addition activities for the past 2 days
$addqr = 'AzureActivity
| where TimeGenerated > ago(2d)
| where CategoryValue =~ "Administrative" and OperationNameValue =~ "Microsoft.Authorization/roleAssignments/write" and ActivityStatusValue =~ "Start"
| extend RoleDefinition = extractjson("$.Properties.RoleDefinitionId",tostring(Properties_d.requestbody),typeof(string))
| extend PrincipalId = extractjson("$.Properties.PrincipalId",tostring(Properties_d.requestbody),typeof(string))
| extend PrincipalType = extractjson("$.Properties.PrincipalType",tostring(Properties_d.requestbody),typeof(string))
| extend Scope = extractjson("$.Properties.Scope",tostring(Properties_d.requestbody),typeof(string))
| extend RoleId = split(RoleDefinition,"/")
| extend InitiatedBy = Caller
| extend Operation = split(OperationNameValue,"/")
| project TimeGenerated,InitiatedBy,Scope,PrincipalId,PrincipalType,RoleID=RoleId[4],Operation= Operation[2]'


#Log Analytics query for retrieving Role Assignment removal activities for the past 2 days
$rmqr = 'AzureActivity
| where TimeGenerated > ago(2d)
| where CategoryValue =~ "Administrative" and OperationNameValue =~ "Microsoft.Authorization/roleAssignments/delete" and (ActivityStatusValue =~ "Success")
| extend RoleDefinition = extractjson("$.properties.roleDefinitionId",tostring(Properties_d.responseBody),typeof(string))
| extend PrincipalId = extractjson("$.properties.principalId",tostring(Properties_d.responseBody),typeof(string))
| extend PrincipalType = extractjson("$.properties.principalType",tostring(Properties_d.responseBody),typeof(string))
| extend Scope = extractjson("$.properties.scope",tostring(Properties_d.responseBody),typeof(string))
| extend RoleId = split(RoleDefinition,"/")
| extend InitiatedBy = Caller
| extend Operation = split(OperationNameValue,"/")
| project TimeGenerated,InitiatedBy,Scope,PrincipalId,PrincipalType,RoleID=RoleId[6],Operation= Operation[2]'

#Please replace with appropriate workspace ID
$addqueryResults = Invoke-AzOperationalInsightsQuery -WorkspaceId "<replace with Workspace ID>" -Query $addqr
$rmqueryResults = Invoke-AzOperationalInsightsQuery -WorkspaceId "<replace with Workspace ID>" -Query $rmqr

#Isolating Log Analytics query results
$addqrs = $addqueryResults.Results
$rmqrs = $rmqueryResults.Results

#For each add query result find user/group name and role name to append into the CSV report
foreach ($qr in $addqrs)
{
    $rd = Get-AzRoleDefinition -Id $qr.RoleID
    if($qr.PrincipalType -eq 'User')
    {
        $prncpl = Get-AzADUser -ObjectId $qr.PrincipalId
    }
    elseif($qr.PrincipalType -eq 'Group'){
        $prncpl = Get-AzADGroup -ObjectId $qr.PrincipalId
    }
    else{
        $prncpl = Get-AzADServicePrincipal -ObjectId $qr.PrincipalId
    }

    $qr | Add-Member -MemberType NoteProperty -Name 'Role' -Value $rd.Name
    $qr | Add-Member -MemberType NoteProperty -Name 'PrincipalName' -Value $prncpl.DisplayName
    #Replace with appropriate path
    $qr | Export-Csv -Path "<Replace Path><FileName.csv>" -NoTypeInformation -Append
}

#For each remove query result find user/group name and role name to append into the CSV report
foreach ($qr in $rmqrs)
{
    $rd = Get-AzRoleDefinition -Id $qr.RoleID
    if($qr.PrincipalType -eq 'User')
    {
        $prncpl = Get-AzADUser -ObjectId $qr.PrincipalId
    }
    elseif($qr.PrincipalType -eq 'Group'){
        $prncpl = Get-AzADGroup -ObjectId $qr.PrincipalId
    }
    else{
        $prncpl = Get-AzADServicePrincipal -ObjectId $qr.PrincipalId
    }

    $qr | Add-Member -MemberType NoteProperty -Name 'Role' -Value $rd.Name
    $qr | Add-Member -MemberType NoteProperty -Name 'PrincipalName' -Value $prncpl.DisplayName
    #Replace with appropriate path
    $qr | Export-Csv -Path "<Replace Path><FileName.csv>" -NoTypeInformation -Append
}

# End of Script
Hope this helps!
Can the size of this be increased?
The item in the image appears too small for me to read clearly. Is it possible to enlarge its size?