Cause those Cloud Services might fail.
When we are honest, the Cloud is only someone else’s computer, so there can be an attack, an outage, or Data loss.
We can also experience some breaches, so the Cloud file gets encrypted. Now?

That is why I recently bought a UNIFI Storage for our offline Backup, and our first step was to save OneDrive to that Storage.

So, the easiest way would be to have a copy job on my computer, where OneDrive is located, and copy all the files to the Storage. But for this, I wouldn’t write a Blog Post; instead, I would download all the files to your computer first, then to the Storage. That is not a very smart solution.

So, I was trying to write a PowerShell Script that downloads Files directly via API to the offline Storage.

So here we are, Thanks to my colleague Ahmed, who already had a Function to renew Graph API Access token: uzejnovicahmed (Uzejnovic Ahmed)

Preperations

So first we need Access to our OneDrive via the GRAPH API, and for this we need an App Registration with the following Permissions.

• Files.ReadWrite.All ( for automation, I would recommend using Application Permission)

#OneDrive GRAPH API Details
$clientID_OneDrive = "your Client ID"
$Clientsecret_OneDrive = "your Secret"
$tenantID = "Tenant ID"

Next, depending on your OneDrive Size and your bandwidth, the Backup will take some time, so we have to make sure our Access Token is renewed when it expires. I have to thank Ahmed for this part.

#region functions
function Request-AccessToken {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)] [string]$TenantName,
        [Parameter(Mandatory = $true)] [string]$ClientId,
        [Parameter(Mandatory = $true)] [string]$ClientSecret
    )

    $tokenBody = @{
        Grant_Type    = 'client_credentials'
        Scope         = 'https://graph.microsoft.com/.default'
        Client_Id     = $ClientId
        Client_Secret = $ClientSecret
    }

    Write-Debug "Requesting a new access token from Microsoft Identity Platform..."

    try {
        $tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token" -Method POST -Body $tokenBody -ErrorAction Stop
        $global:accessToken = $tokenResponse.access_token
        $global:tokenExpiresAt = (Get-Date).AddSeconds($tokenResponse.expires_in)
        $global:headers = @{
            "Authorization" = "Bearer $($global:accessToken)"
            "Content-type"  = "application/json"
        }
    }
    catch {
        Write-Output "Error generating access token: $($_.Exception.Message)"
        Write-Output "Exception Details: $($_.Exception)"
        return $null
    }
    Write-Output "Successfully generated authentication token"
    return $tokenResponse
}
# Function to renew the access token when close to expiration
function Renew-AccessToken {
    param (
        [string]$TenantName,
        [string]$ClientId,
        [string]$ClientSecret
    )

    Write-Debug "Attempting to renew the access token..."
    try {
        $tokenResponse = Request-AccessToken -TenantName $TenantName -ClientId $ClientId -ClientSecret $ClientSecret

        if ($null -ne $tokenResponse) {
            # Update the global access token and expiration time
            $global:accessToken = $tokenResponse.access_token
            $global:tokenExpiresAt = (Get-Date).AddSeconds($tokenResponse.expires_in)
            Write-Output "Token renewed successfully. New expiration time: $global:tokenExpiresAt"
        }
        else {
            Write-Output "Failed to renew the access token. Response was null."
        }
    }
    catch {
        Write-Output "Error renewing the access token: $($_.Exception.Message)"
    }
}
function Check-TokenExpiration {
    try {
        Write-Host "Checking token expiration at: $(Get-Date)..." 
        # Check if the token is about to expire (1 minute before expiration)
        if ((Get-Date) -ge $global:tokenExpiresAt.AddMinutes(-$minutesbeforetokenexpires)) {
            Write-Host "Access token is expired or close to expiration. Renewing the token..." -ForegroundColor Orange
            Renew-AccessToken -TenantName $tenantID -ClientId $clientID_OneDrive -ClientSecret $Clientsecret_OneDrive
        }
        else {
            Write-Host "Access token is still valid. Expires at: $global:tokenExpiresAt" -ForegroundColor Green
        }
    }
    catch {
        Write-Host "Error in Check-TokenExpiration function: $($_.Exception.Message)" -ForegroundColor Red
    }
}

#endregion functions


# Define global variables for the access token and expiration time
$global:accessToken = $null
$global:tokenExpiresAt = [datetime]::MinValue
$global:headers = $null
$tokencheckinterval = 300000  # 300 seconds (300000 milliseconds) -> Can be bigger in production.
$minutesbeforetokenexpires = 6 # Set how many minutes before token expiration the token should be renewed

# Request the initial token
$tokenResponse = Request-AccessToken -TenantName $tenantID -ClientId $clientID_OneDrive -ClientSecret $Clientsecret_OneDrive

#This is the Interval the  Token Check Takes place ! 
$timer = New-Object Timers.Timer
$timer.Interval = $tokencheckinterval
$Aktion = { Check-TokenExpiration }            
            
# Register the event handler to check token expiration
try {
    $timerEvent = Register-ObjectEvent -InputObject $timer -EventName Elapsed -SourceIdentifier "TokenCheck" -Action $Aktion
    Write-Output "Event registered successfully."
}
catch {
    Write-Output "Failed to register the timer event: $($_.Exception.Message)"
}

# Start the timer and verify that it is running
$timer.Start()
if ($timer.Enabled) {
    Write-Output "Timer started successfully. Access token will be checked for renewal every $($timer.Interval/1000) seconds."
}
else {
    Write-Output "Failed to start the timer."
}

Now we can learn about the Basic Settings and our OneDrive Details. This Example Script is limited to my personal OneDrive, but of course, it can be adapted to save others and shared OneDrives, too.

So we are configuring the Destination and the OneDrive we want to back up. replace the “*yourUPN*”

#Destionation Folder
$Dest = "Y:\OneDrive - Michael Seidl"

#OneDrive Details
$Drive = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/users/*yourUPN*/drive" -Method GET -Headers $global:headers
$Child = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/users/*yourUPN*/drives/$($Drive.id)/root/children" -Method GET -Headers $global:headers

Now we are coming to the tricky part, which took me some time. We got the first root content, like Files and Folders.

Doing a foreach and checking if it is a File or Folder.

If Folder, let’s check if it exists and create it.

If a File, check if it does not exist, or when it was last changed. In some cases, download the file.

Everything should be in a single loop because I do not know how many subfolders I have. So this was the first one I worked with: calling a Function within the Function itself.

Luckily, it works. On Top, we are creating a Job for each download, so we can go ahead and check the following files without waiting for the download to be finished.

Function Download-Item {
    param (
        [object]$ItemObject,
        [hashtable]$Headers
    )
    $ItemID = $ItemObject.id

    if ($ItemObject.folder -ne $null) {
        #Folder
        $ParentFolder = "$Dest\$($ItemObject.parentReference.path.Split("root:/")[1])"
        if (-not (Test-Path -Path $ParentFolder)) {
            New-Item -ItemType Directory -Path $ParentFolder -Force | Out-Null
        }
        $SubItemObject = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/users/michael.seidl@au2mator.com/drives/$($Drive.id)/items/$($ItemID)/children" -Method GET -Headers $global:headers
        foreach ($item in $SubItemObject.value | Sort-Object -Property size -Descending) {
            Download-Item -ItemObject $item -Headers $global:headers
        }           
    }
    elseif ($ItemObject.file -ne $null) {
        #File
        $ParentFolder = "$Dest\$($ItemObject.parentReference.path.Split("root:/")[1])"
        $ParentFolder = $ParentFolder.Replace("/$($ItemObject.name)", '')
        if (-not (Test-Path -Path $ParentFolder)) {
            New-Item -ItemType Directory -Path $ParentFolder -Force | Out-Null
        }

        $ParentFolder = "$ParentFolder\$($ItemObject.name)"
        $Download = $false
        try {
            $LocalFile = Get-Item -Path $ParentFolder -ErrorAction Stop
            if ($LocalFile -and ($LocalFile.LastWriteTime -lt $ItemObject.lastModifiedDateTime)) {
                $Download = $true
            }
        }
        catch {
            $Download = $true
        }

        if ($Download) {
            write-Output "Downloading File: $($ItemObject.name) to $ParentFolder"
            Start-Job  -ScriptBlock {
                param($ItemID, $Headers, $ParentFolder, $Drive)
                Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/users/michael.seidl@au2mator.com/drives/$($Drive.id)/items/$($ItemID)/content" -Method GET -Headers $Headers -OutFile $ParentFolder
            } -ArgumentList $ItemID, $Headers, $ParentFolder, $Drive | Out-Null
        }
    }
    else {  
    }    
}


#Main part
foreach ($item in $Child.value | Sort-Object -Property size -Descending) {
    Download-Item -ItemObject $item  -Headers $headers 
}

At the end, we are stopping the Timer Job.

# Stop the timer and unregister the event when done
Write-Output "Stopping the timer and unregistering the event..."
$timer.Stop()
Unregister-Event -SourceIdentifier "TokenCheck"
$timer.Dispose()
Write-Output "Timer stopped. Final Access Token Expiration: $global:tokenExpiresAt"

So, this might not yet be perfect, but it helps me to do my Backups so that it might help you as well.

This script took me some time; if this were a paid customer project, it would cost around 2.000 euros, and you get this for free. You can show your support by being a GitHub Sponsor: Sponsor @Seidlm on GitHub Sponsors

The complete and updated script is here in my GitHub Repo: Seidlm/Microsoft-Graph-API-Examples

Michael Seidl, aka Techguy
au2mate everything

The post OneDrive offline Backup with PowerShell and GRAPH API appeared first on TechGuy.

I recently wanted to change some Azure Sync settings on my local DC, so I had to execute a Command, which then used IE to authenticate, and that’s on a Server 2022

As you might know, IE is not very good at those things; honestly, it does not work.

So, I figured out how to remove that link and remove IE from the Server.

Run the following command in an Admin PowerShell Session

“dism /online /Remove-Capability /CapabilityName:Browser.InternetExplorer~~~~0.0.11.0”

Try again, and the Authentication Process will use your favorite Browser, Edge

Michael Seidl aka Techguy
au2mate everything

The post Disable IE for PowerShell Authentication Requests appeared first on TechGuy.

Depending on your Name Schema, finding unique Names for “Finn Ucker” or “Peter Immel” could result in some “fun” Usernames, depending on your Location and Language.

Here comes AI for help. I adopted my PowerShell script to check each combination and let AI decide if the Name is offensive, funny, known brand or embarrassing

Examples

Details

Inspired by a Post from David Stein on LinkedIn and the usage of the PSAI Module from Doug Finke, I adopted my existing Script on Github to use AI to ensure that no offensive, funny, known brand, or embarrassing Usernames are returned.

Please see the PSAI Documentation on how to set it up. In my example, I am using Azure OpenAI.

GitHub

Repo: Seidlm/Active-Directory
File: Find free SamAccountName and UPN.ps1

Michael Seidl aka Techguy
au2mate everything

The post Find unique SamAccountName and UPN for User Onboarding with the Help of AI appeared first on TechGuy.

In this case, the Customer is using Azure Automation for Cloud Automation, an Azure VM as a Hybrid Worker for onPrem Automation, and local PS Script for that VM. So, we have three ways to execute and do the Automation, and the goal was to have a simple and secure way to get the Secrets from Azure Key Vault.

Authentication

So, the first and maybe most important part is the Authentication, we have three scenarios in who the PS and AA Runbooks are triggered and executed (Cloud, Hybrid, OnPrem) and wanted to have a”single” way to authenticate and get the secret Values via Azure Key Vault.

So, the Azure Automation Runbooks are executed as follows

• The Automation Account is executing the AA Runbook in the Cloud
• The Hybrid Worker is executing the AA Runbook on the Hybrid Worker
• local PS Scripts are executed on the Hybrid Worker

So, we are having 2 Identities that are executing the Automation

• The Automation Account is executing the AA Runbook in the Cloud
• A Hybrid Worker is executing AA Runbook and OnPrme PS Files

So let’s find a way to assign those two Identities permission to read our KeyVault; each of those identities has a “Managed Identity” in Azure, so let’s give the “Reader” Access to the Azure Key Vault.

In the above Screenshot, the first entry is my Automation Account, and the second one is my Hybrid Worker, in this case with Azure Arc-enabled OnPrem Server.

There might be some more detailed and better documentation for this. Still, all the Managed identities we talked about have a separate endpoint to get the authentication token we can use in our PowerShell script to ” impersonate ” the managed identity to which we assigned the reader role above.

More Details can be found here:

• Managed Identity for Automation Account: Managed Identities – Azure App Service | Microsoft Learn
• Managed Identity for Azure Arc: Authenticate against Azure resources with Azure Arc-enabled servers – Azure Arc | Microsoft Learn
• Managed Identity for Azure VMS: Azure Instance Metadata Service for virtual machines – Azure Virtual Machines | Microsoft Learn

So, for this, we need to query a separate and different endpoint to get our access token, which we can then use to authenticate against the Azure KeyVault to get the secret value.

The example here shows how to use it with an Azure Arc-enabled Server. The Script on Github combines all three of them into a single Function.

Arc-enabled Server Example

For Azure Arc enabled Server, our Endpoint is this

$ResourceURL = "https://vault.azure.net/&api-version=2020-06-01"
$endpoint="http://localhost:40342/metadata/identity/oauth2/token?resource==$ResourceURL" 

When we call this endpoint, praise the result, and convert from JSON, we get the Access Token we can use further.

$global:AZKVResponse = [System.Text.Encoding]::Default.GetString((Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata = 'True' } -UseBasicParsing).RawContentStream.ToArray()) | ConvertFrom-Json

So, in the Global Variable, we now have tTokenken stored, and we are now building the header to get the Value of our Secret.

$token = $global:AZKVResponse.access_token
$Return = Invoke-RestMethod -Uri "https://$($KeyVaultName).vault.azure.net/secrets/$($SecretName)?api-version=7.1" -Method GET -Headers @{Authorization = "Bearer $($token)" }
return $return.value

In this example, our $KeyVaultName is the unique name from our Azure Key Vault, and the $SecretName is the Name of the Secret you are trying to read.

Summary

In my opinion, and I am definitely not a Security Expert, but I think this might be the best and most secure way to store and use Secrets with Automation.

• Only the ManagIdentityity, so the Server or Automation Account has Access to the Key Vault.
• You are not forced to store Credentials locally for testing cause you can use the same code when executed in VS Code or in an Azure Automation Runbook
• Only humans who have access to the Automation Account or the Hybrid Server have access to the Secrets, which is easy to control.
• Many more…

GitHub

I stored a single function you can use on GitHub. We also created a Global Variable for tTokenken to reduce the number of Calls, as there is a throttling limit for the local endpoints here. There might be a better version in the future, but let’s look at the version on GitHub for details.

Repo: Seidlm/Microsoft-Azure: Azure Rest/Graph API Examples
File: Query Azure Key Vault.ps1

Michael Seidl aka Techguy
au2mate everything

The post Using Azure Key Vault to store your Azure Automation Credentials and Secrets appeared first on TechGuy.

So I have written a PowerShell Script to send an Email, when an Azure App Secret or Zert, or an Azure SPN is expiring in the near future. This Script can be executed in your OnPrem data center or as an Azure Automation Runbook.

We added an ExcludeList with Wildcards, so you an add some App Names, where there will be no notification

Prerequisites

First, we need to create an Azure App to provide all the permissions required. Yes, that one will also be monitored by the Script

MS Graph References:

• List applications – Microsoft Graph v1.0 | Microsoft Docs
• List servicePrincipals – Microsoft Graph v1.0 | Microsoft Docs

Create an Azure App Registration and add the following GRAPH API Application Permissions

• Application.Read.All
• Application.ReadWrite.All
• Directory.Read.All
• User.Read

Create a Secret and copy the Value

If your are not familiar with Azur eapp Regs, and how als this work together, see my Blogs Post for Details:

To learn more from Microsoft GRAPH API, see my Blog Series:
Part 1 – Authentication and Azure App – Use Microsoft Graph API with PowerShell – Part 1 » TechGuy
Part 2 – Oauth2.0 – Use Microsoft Graph API with PowerShell – Part 2 » TechGuy
Part 3 – First Powershell Script to get a Teams Lis and Walkthrough – Use Microsoft Graph API with PowerShell – Part 3 » TechGuy
Part 4 – this one – Use Microsoft Graph API with PowerShell – Part 4 » TechGuy

Second, we are sending an Email using Graph API, so see my previous Blog Post for Details and Enter the GRAPH Details in the Script: Send Mail with PowerShell and Microsoft Graph API – TechGuy

With all this information, we can take a look at the Script

The Script

Please fill in Settings and the Azure App Details til the Line “#STOP HERE”

The Script will send you an email for each Azure App or SP, which will expire within the next 90 Days ($TimeSpanInDays).

Already expired ones will not trigger an Email

The Variable $ExcludedList can be used to add Names with Wildcards, those App will be ignored

#Settings
$TimeSpanInDays = 90
$MailSender = "Mail Sender Mail"
$MailRecipient = "Mail Recipient Mail"

#Azure App Credentials to get Apps and SP
$EXPIRE_AppId = "your EXPIRE APP Client ID"
$EXPIRE_secret = "your EXPIRE APP Secret"

$tenantID = "Azure Tenant ID"

#Azure App Credentials to send the Mail
$MAIL_AppId = "your Mail Client ID"
$MAIL_secret = "your Mail Secret"

#ExcludeList
$ExcludedList = "*(Power Virtual Agents);*(Microsoft Copilot Studio);RSC-CAM-Einfahrt"
$ExcludedListArray = $ExcludedList -split ";"


#STOP HERE!

#Connect to GRAPH API with EXPIRE credentials
$EXPIRE_tokenBody = @{
    Grant_Type    = "client_credentials"
    Scope         = "https://graph.microsoft.com/.default"
    Client_Id     = $EXPIRE_AppId
    Client_Secret = $EXPIRE_secret
}
$EXPIRE_tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $EXPIRE_tokenBody
$EXPIRE_headers = @{
    "Authorization" = "Bearer $($EXPIRE_tokenResponse.access_token)"
    "Content-type"  = "application/json"
}



#Connect to GRAPH API with MAIL Credentials
$MAIL_tokenBody = @{
    Grant_Type    = "client_credentials"
    Scope         = "https://graph.microsoft.com/.default"
    Client_Id     = $MAIL_AppId
    Client_Secret = $MAIL_secret
}
$MAIL_tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $MAIL_tokenBody
$MAIL_headers = @{
    "Authorization" = "Bearer $($MAIL_tokenResponse.access_token)"
    "Content-type"  = "application/json"
}


#functions
function Get-AzureResourcePaging {
    param (
        $URL,
        $AuthHeader
    )

    # List Get all Apps from Azure

    $Response = Invoke-RestMethod -Method GET -Uri $URL -Headers $AuthHeader
    $Resources = $Response.value

    $ResponseNextLink = $Response."@odata.nextLink"
    while ($ResponseNextLink -ne $null) {

        $Response = (Invoke-RestMethod -Uri $ResponseNextLink -Headers $AuthHeader -Method Get)
        $ResponseNextLink = $Response."@odata.nextLink"
        $Resources += $Response.value
    }
    return $Resources
}


#Build Array to store PSCustomObject
$Array = @()



# List Get all Apps from Azure
$URLGetApps = "https://graph.microsoft.com/v1.0/applications"
$AllApps = Get-AzureResourcePaging -URL $URLGetApps -AuthHeader $EXPIRE_headers


#Go through each App and add to our Array
foreach ($App in $AllApps) {

    $URLGetApp = "https://graph.microsoft.com/v1.0/applications/$($App.ID)"
    $App = Invoke-RestMethod -Method GET -Uri $URLGetApp -Headers $EXPIRE_headers

    if ($App.passwordCredentials) {
        foreach ($item in $App.passwordCredentials) {
            $Array += [PSCustomObject]@{
                "Type"           = "AZAPP"
                "displayName"    = $app.displayName
                "ID"             = $App.ID
                "AppID"          = $app.appId
                "SecType"        = "Secret"
                "Secret"         = $item.displayName
                "Secret-EndDate" = (Get-date $item.endDateTime)
            }
        }
    }


    if ($App.keyCredentials) {
        foreach ($item in $App.keyCredentials) {
            $Array += [PSCustomObject]@{
                'Type'           = "AZAPP"
                'displayName'    = $app.displayName
                'ID'             = $App.ID
                'AppID'          = $app.appId
                'SecType'        = "Zert"
                'Secret'         = $item.displayName
                'Secret-EndDate' = (Get-date $item.endDateTime)
            }
        }
    }
}




#Get all Service Principals
$servicePrincipals = "https://graph.microsoft.com/v1.0/servicePrincipals"
$SPList = Get-AzureResourcePaging -URL $servicePrincipals -AuthHeader $EXPIRE_headers


#Go through each SP and add to our Array
foreach ($SAML in $SPList) {
    if ($Saml.passwordCredentials) {
        foreach ($PW in $Saml.passwordCredentials) {
            $Array += [PSCustomObject]@{
                'Type'           = "SP"
                'displayName'    = $SAML.displayName
                'ID'             = $SAML.id
                'AppID'          = $Saml.appId
                'SecType'        = "Secret"
                'Secret'         = $PW.displayName
                'Secret-EndDate' = (Get-date $PW.endDateTime)
            }
        }
    }
}



$ExpireringZerts = $Array | Where-Object -Property Secret-EndDate -Value (Get-Date).AddDays($TimeSpanInDays) -lt  | Where-Object -Property Secret-EndDate -Value (Get-Date) -gt

foreach ($Zert in $ExpireringZerts) {
    $Exclude = $False
    foreach ($Entry in $ExcludedListArray) {
        if ($Zert.displayName -like $Entry) {
            $Exclude = $True
        }
    }
    if ($Exclude) {
        #do nothing
    }
    else {

        $HTML = $Zert | Convertto-HTML -Fragment -As List

        $URLsend = "https://graph.microsoft.com/v1.0/users/$MailSender/sendMail"

        $BodyJsonsend = @"
                        {
                            "message": {
                              "subject": "Azure App or SPN will expire soon $($Zert.displayName)",
                              "body": {
                                "contentType": "HTML",
                                "content": "$HTML
                                <br>
                                Michael Seidl (au2mator)
                                <br>

                                "
                              },
                              "toRecipients": [
                                {
                                  "emailAddress": {
                                    "address": "$MailRecipient"
                                  }
                                }
                              ]
                            },
                            "saveToSentItems": "false"
                          }
"@

        Invoke-RestMethod -Method POST -Uri $URLsend -Headers $MAIL_headers -Body $BodyJsonsend
    }
}

GitHub Repo

Here you can find the GitHub Repo: Seidlm/Microsoft-Azure: Azure Rest API Examples (github.com) with the Script

Michael Seidl aka Techguy
au2mate everything

The post Monitor your Azure Secrets, Zerts and SPN’s Expire Date with PowerShell – now with an Exclude List appeared first on TechGuy.

This is the written version of my Equipment and Workflow.

Ideas

So, I get my ideas for the podcast from my community or my sessions. I started a year ago with my first “non Technical” session, “Get Sh*t done in IT,” and this was the beginning of my Podcast. I still do that session, and I get the feedback and Questions that I am trying to put in my Podcast.

Also, People are writing to me on LinkedIn and asking Questions about my Podcast.

I also bring my own ideas in for some episodes.

However, the main goal is to produce a podcast for the community.

Equipment

My recent Equipment looks like this, but this is constantly changing, as I am just a techy nerd and always try something new

• Elgato Teleprompter with Facecam Pro (For 4k Video Recording and Exe Contact)
• 2 Elgator Key Lights behind my Monitor (Better Lights in my Room for recording)
• YETI Blue USB Microphone (perfect Audio)
• Apple Mac Book (it just feels better )
• and some Mounts

I am also working on a mobile Set right now, I will keep you updated.

Workflow

My Workflow was very important from the beginning, as I wanted to reduce production time to a minimum. I only chose Platforms and tools with an API to automate as much as possible.
Let’s see the Process.

Idea

My Ideas and notes are stored in Notion. So there are Ideas for future Episodes and all Details for my past Episodes, which are synced automatically with Azure Automation to Podigee.

Recording

I use Riverside.fm to record my Podcast. The benefit is that Riverside is taking care of the Audio and Video, so I ran some AI magic, and my Video and Audio are fine.

Audio Production

Finally, I am using Adobe Audition to produce the audio file. Here, I have to record the “Hook Phrase” at the beginning, and I arrange INTRO and OUTRO. The result is the ready to use Audio File, which I can Upload to my Podcast Hoster

Podcast Hoster

For this, I use Podigee, so the Episodes are automatically synced from Notion to Podigee via API; I only have to upload the final Audio File, and that’s it.

Social Media

To promote my Podcast, I use shot Videos to publish on TikTok, Instagram, Twitter, YouTube, and LinkedIn. To create these short Videos, I use Opus CLIP Pro, which takes a full-length video and automatically creates short videos with AI. I got around 5-7 Short Videos out of a Podcast Episode in each Language.

Those Videos are then downloaded and finished with Adobe Premier Rush to add an INTRO and OUTRO.

Finally, I uploaded the video to a Notion Table, where I planned the social media posts. Then, they are synced and planned with Azure Automation to Metricool.

Result

So, the result is that I produce a double Episode (English and German) of about 10-15 Minutes each in about 1 Hour

5 Minutes: Ideas and some preparations

up to 30 Minutes for recording (15 min each language)

10 Minutes Audio Production

10 Minutes Video Production

5 Minutes Social Media Planning

That’s it; that’s the “Magic” behind my Podcast. Let me know if you have any improvements.

PODCAST RECORDING

Michael Seidl aka Techguy
au2mate everything

PS: Some Links might be Affiliate Links

The post Behind the Scenes: Podcast Equipment and Automation Techniques appeared first on TechGuy.

We often see that things don’t go well or that the Alerts are not monitored. When we do Azure Automation Consulting, we also take care of Alerts, so we use simple Mail Alerting in Azure.

Here I want to show how we are configuring this at our Customers.

Open portal.azure.com with appropriate Permissions to create an Alert Rule and create a Diagnostic Setting

Open your Azure Automation Account

Navigate to Monitoring/Diagnostic settings

and click “Add diagnostic setting.”

select “allLogs” and “AllMetrics”

Select “Send to Log Analytics workspace” and select or create a Log Analytics workspace.

Click “Save.”

Navigate to Monitoring/Alerts in the same Automation Account

Create a new “Alert Rule.”

On the “Condition” Tab, choose “Custom Log Search” from Signal name

Enter the following Query in the “Search Query”

// Find logs reporting errors in automation jobs from the last day 
// List all the errors in the automation jobs. 
// To create an alert for this query, click '+ New alert rule'
AzureDiagnostics 
| where ResourceProvider == "MICROSOFT.AUTOMATION" 
| where StreamType_s == "Error" 
| project TimeGenerated, Category, JobId_g, OperationName, RunbookName_s, ResultDescription, _ResourceId 

Choose the following Option at Measurement and Alert Logic

At the “Actions” Tab, choose “Use quick actions” and configure your Mail Alert

At the “Details” Page, choose your preferred Alert Details

I would recommend choosing “1- Error” for Severity; the rest is up to you and your Environment

So, whenever an error happens in one of your Runbooks, you should receive an email

The Scenario

So, when you have a Runbook that shows the State “Completed” but throws an error inside with “Write-Error,” you usually will not be notified. It will not show up on the Main Logs Page.

So, with our solution, you will receive an Email like this

By the click on “View query results,” you will see the triggered runbook that caused the Error

So, no more excuses that Alerting it to complicates.

The cost of this will be around 1,50 Euro per Month.

Michael Seidl aka Techguy
#autoamtionmindset

The post Mail Alerting on Azure Automation Accounts appeared first on TechGuy.

• Application – OneDrive
  • Files.Read.All
  • Files.ReadWrite.All
  • Sites.Read.All
  • Sites.ReadWrite.All
• Application – Mail
  • Mail.Send

More Details here: DriveItem – OneDrive API – OneDrive dev center | Microsoft Learn

The Script

Here is the full Script with comments. Please remember that the scripts are maintained on GitHub, so I recommend navigating to the latest version of GitHub.

#OneDrive Detais
$OneDrive_User="michael.seidl@au2mator.com" #User UPN for OneDrive
$OneDrive_Path="0-Temp" # Full path in OneDrive from root, example "0-Temp/My Files/Folder1"
$OneDrive_FileName = "Hello World.pdf" #File Name to send in the Path from above


#Global GRAPH API Details
$tenantID = "your Tenant ID"
$GraphAPI_BaseURL="https://graph.microsoft.com/v1.0"



#OneDrive Graph API Details
$clientID_OneDrive = "Your Client ID for OneDrive"
$Clientsecret_OneDrive = "your Scret"

#Mail Graph API Details
$clientID_Mail = "your Client ID for Mail"
$Clientsecret_Mail = "your Secret"



#Mail Details
$MailSender="michael.seidl@au2mator.com"
$Recipient="michael.seidl@au2mator.com"

#Graph API Authentication
$tokenBody = @{
    Grant_Type    = "client_credentials"
    Scope         = "https://graph.microsoft.com/.default"
    Client_Id     = $clientID_OneDrive
    Client_Secret = $Clientsecret_OneDrive
}
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $tokenBody
$headers_OneDrive = @{
    "Authorization" = "Bearer $($tokenResponse.access_token)"
    "Content-type"  = "application/json"
}



#Define temp File Donwload Path
$Out = "$env:TEMP\$OneDrive_FileName" 

#Get File from OneDrive
#Get the Drive for the next step
$Drive = Invoke-RestMethod -Uri "$GraphAPI_BaseURL/users/$OneDrive_User/drive" -Method GET -Headers $headers_OneDrive

#Get all Child Elements from your folder
$DestFolder = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/users/michael.seidl@au2mator.com/drives/$($Drive.id)/root:/$($OneDrive_Path):/children" -Method GET -Headers $headers_OneDrive 

#Query your file
$FileQuery=$DestFolder.value | Where-Object -Property name -Value "$OneDrive_FileName" -eq

#Download your File
Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/users/michael.seidl@au2mator.com/drives/$($Drive.id)/items/$($FileQuery.id)/content" -Method GET -Headers $headers_OneDrive -OutFile $Out


  
#Convert File to Base64
$base64string = [Convert]::ToBase64String([IO.File]::ReadAllBytes($Out))



#Send Mail
#Connect to GRAPH API
$tokenBody = @{
    Grant_Type    = "client_credentials"
    Scope         = "https://graph.microsoft.com/.default"
    Client_Id     = $clientID_Mail
    Client_Secret = $Clientsecret_Mail
}
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $tokenBody
$headers_Mail = @{
    "Authorization" = "Bearer $($tokenResponse.access_token)"
    "Content-type"  = "application/json"
}





#Send Mail
$URLsend = "https://graph.microsoft.com/v1.0/users/$MailSender/sendMail"
$BodyJsonsend = @"
                    {
                        "message": {
                          "subject": "au2mator $InvoiceNumber",
                          "body": {
                            "contentType": "HTML",
                            "content": "$MailText
                            "
                          },
                          
                          "toRecipients": [
                            {
                              "emailAddress": {
                                "address": "$Recipient"
                              }
                            }
                          ]
                          ,"attachments": [
                            {
                              "@odata.type": "#microsoft.graph.fileAttachment",
                              "name": "$($OneDrive_FileName)",
                              "contentType": "text/plain",
                              "contentBytes": "$base64string "
                            }
                          ]
                        },
                        "saveToSentItems": "true"
                      }
"@



Invoke-RestMethod -Method POST -Uri $URLsend -Headers $headers_Mail -Body $BodyJsonsend  -ContentType "application/json; charset=utf-8"

Github

Make sure to get the latest version from GitHub: Seidlm/Microsoft-Graph-API-Examples (github.com) (Send OneDrive File via Mail.ps1)

Michael Seidl aka Techguy
au2mate everything
#AutomationMindset

The post Send a OneDrive File via Mail with MS GRAPH API and Powershell appeared first on TechGuy.

From this, I also tried to send a Teams Appointment Invite with Powershell and Graph API. The result is below.

• Application
  • Calendars.ReadWrite

More Details here: Create event – Microsoft Graph v1.0 | Microsoft Learn

The Script

Here is the full Script with comments. Please remember that the scripts are maintained on GitHub, so I recommend navigating to the latest version of GitHub.

$clientID = "your ClientID"
$Clientsecret = "Your Secret"
$tenantID = "your TenantID"

$Graph_BaseURL = "https://graph.microsoft.com/v1.0"


#Calendar User
$TargetUser="michael.seidl@au2mator.com"


#Invite User
$RecipientMail="ahmed.uzejnovic@au2mator.com"
$RecipientName="Ahmed Uzejnovic"
$RecipientType="required" #required, optional



#Teams Event Details
$TeamsEventSubject = "My Teams-GRAPH API Event"
$TeamsEventBody = "Thats my awesome Teams-GRAPH API Event Body"

$TeamsEventStart = "2024-02-25T09:00:00"
$TeamsEventEnd = "2024-02-25T10:00:00"
$timeZone = "UTC"



#Authentication
#Connect to GRAPH API
$tokenBody = @{
    Grant_Type    = "client_credentials"
    Scope         = "https://graph.microsoft.com/.default"
    Client_Id     = $clientId
    Client_Secret = $clientSecret
}
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $tokenBody
$headers = @{
    "Authorization" = "Bearer $($tokenResponse.access_token)"
    "Content-type"  = "application/json"
}



$TeamsEventJson = @"
{
  "subject": "$TeamsEventSubject",
  "isOnlineMeeting": true,
  "onlineMeetingProvider": "teamsForBusiness",
  "attendees": [
    {
      "emailAddress": {
        "address":"$RecipientMail",
        "name": "$RecipientName"
      },
      "type": "$RecipientType"
    }
  ],
  "body": {
    "contentType": "HTML",
    "content": "$($TeamsEventBody)"
  },
  "start": {
      "dateTime": "$($TeamsEventStart)",
      "timeZone": "$timeZone"
  },
  "end": {
      "dateTime": "$($TeamsEventEnd)",
      "timeZone": "$timeZone"
  }
}
"@


$TeamsEvent = Invoke-RestMethod -Uri "$Graph_BaseURL/users/$TargetUser/calendar/events" -Method POST -Headers $headers -Body $TeamsEventJson -ContentType "application/json; charset=utf-8"

The Result

Github

Make sure to get the latest version from GitHub: Seidlm/Microsoft-Teams (github.com) (New Teams Invite.ps1)

Michael Seidl aka Techguy
au2mate everything
#AutomationMindset

The post Create a Teams Appointment with MS GRAPH API and Powershell appeared first on TechGuy.

So, we need Powershell and the Following GRAPH API Permission for our Script.

• Application
  • Calendars.ReadWrite

More Details here: Create event – Microsoft Graph v1.0 | Microsoft Learn

The Script

Here is the full Script with comments. Please remember that the scripts are maintained on GitHub, so I recommend navigating to the latest version of GitHub.

$clientID = "your Client ID"
$Clientsecret = "your Secret"
$tenantID = "your Tenant ID"

$Graph_BaseURL = "https://graph.microsoft.com/v1.0"


#Calendar User
$TargetUser="michael.seidl@au2mator.com"


#Simple Event Details
$EventSubject = "My GRAPH API Event"
$EventBody = "Thats my awesome GRAPH API Event Body"
$EventLocation = "Microsoft Headquarter"

$EventStart = "2024-02-10T09:00:00"
$EventEnd = "2024-02-10T10:00:00"
$timeZone = "UTC"



#Authentication
#Connect to GRAPH API
$tokenBody = @{
    Grant_Type    = "client_credentials"
    Scope         = "https://graph.microsoft.com/.default"
    Client_Id     = $clientId
    Client_Secret = $clientSecret
}
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $tokenBody
$headers = @{
    "Authorization" = "Bearer $($tokenResponse.access_token)"
    "Content-type"  = "application/json"
}



$SimpleEventJson = @"
{
  "subject": "$EventSubject",
  "location":{
    "displayName":"$EventLocation",
    "address":{
        "street":"4567 Main St",
        "city":"Redmond",
        "state":"WA",
        "countryOrRegion":"US",
        "postalCode":"32008"
      },
},
  "body": {
    "contentType": "HTML",
    "content": "$($EventBody)"
  },
  "start": {
      "dateTime": "$($EventStart)",
      "timeZone": "$timeZone"
  },
  "end": {
      "dateTime": "$($EventEnd)",
      "timeZone": "$timeZone"
  }
}
"@

$SimpleEvent = Invoke-RestMethod -Uri "$Graph_BaseURL/users/$TargetUser/calendar/events" -Method POST -Headers $headers -Body $simpleEventJson -ContentType "application/json; charset=utf-8"

The Result

Github

Make sure to get the latest version from GitHub: Seidlm/Microsoft-Graph-API-Examples (github.com) (New Outlook Appointment.ps1)

Michael Seidl aka Techguy
au2mate everything
#AutomationMindset

The post Create an Outlook Appointment with MS GRAPH API and Powershell appeared first on TechGuy.