Thoughts on information security, code & automation, and other myriad interests of mine.

Automated Onboarding, Part 3 - Account Creation
1/15/2025

Why shouldn't accounts be created manually?

Humans are inconsistent, forgetful creatures. Ask us to do the same thing two or three times and chances are we'll do it two or three different ways. Manually clicking through a UI to create accounts leaves room for error, takes time, and ultimately costs money, particularly if the job is outsourced. Greater consistency, efficiency, and savings is an easy sell.

In this article, we'll build a system that creates accounts in two clicks.

Creating Entra ID accounts programmatically

There's two s...

Entra ID, Powershell, Azure Functions, Power Automate
Assigning MS Graph permissions to managed identities in Azure
10/23/2024

Assigning permission

Recently I needed to grant a PowerShell script, running in a Function App in Azure, access to read the properties of devices in Intune. I quickly generated a managed identity for the app and went to assign it the "DeviceManagementManagedDevices.Read.All" permission for MS Graph. It turned out that none of the built-in roles in Azure included this permission, and that it was necessary to use PowerShell instead.

The examples I found used the deprecated AzureAD PowerShell module, so I built a new script with the updat...

Azure, MS Graph, Powershell