Automated Onboarding, Part 4 - Provisioning
2/7/2025

To recap, we've streamlined joining systems to Entra ID, automated software deployment, and set up a one-click account creation process. Depending on the size of your tech stack, that may be sufficient; however, those last three articles don't help with non-Microsoft platforms like Zoom or Slack. SCIM is the solution.

What is SCIM?

SCIM is a protocol that allows for identity management between different pl...

Automated Onboarding, Part 3 - Account Creation
1/15/2025

Why shouldn't accounts be created manually?

Humans are inconsistent, forgetful creatures. Ask us to do the same thing two or three times and chances are we'll do it two or three different ways. Manually clicking through a UI to create accounts leaves room for error, takes time, and ultimately costs money, particularly if the job is outsourced. Greater consistency, efficiency, and savings are an easy sell.

In this article, we'll build a system that creates accounts in two clicks.

Creating Entra ID accounts programmatically

There are two s...

Automated Onboarding, Part 2 - Software Deployment
11/2/2024

Win32 vs Line of Business

There are primarily two ways to install 3rd party Windows apps through Intune: Win32 (exe/msi) and Line of Business (LOB, msi only). LOB apps can be uploaded directly in the Intune portal, which is great if the app's developer provides an msi installer. Win32 apps can be either exe or msi, but you have to use Microsoft's Content Prep Tool to package them before uploading to Intune. I've read that mixing LOB and Win32 apps can lead to installation delays during deployment, but I've mixed the two without issue in my current envir...

Assigning MS Graph permissions to managed identities in Azure
10/23/2024

Assigning permission

Recently I needed to grant a PowerShell script, running in a Function App in Azure, access to read the properties of devices in Intune. I quickly generated a managed identity for the app and went to assign it the "DeviceManagementManagedDevices.Read.All" permission for MS Graph. It turned out that none of the built-in roles in Azure included this permission, and that it was necessary to use PowerShell instead.

The examples I found used the deprecated AzureAD PowerShell module, so I built a new script with the updat...

Automated Onboarding, Part 1 - Autopilot
10/8/2024

Introduction

Onboarding employees can be time-consuming, especially if IT is creating accounts and installing software manually. Adequate lead time from the business is necessary to account for IT's workload, hardware and software procurement, and setup. Often that lead time conflicts with when the employee needs to start work, leading to frustration for all involved. The goal of these posts is to provide solutions that remove IT as a blocker from the onboarding process.

The series consists of four parts, each covering a different stage o...