MattiasVdl – MattiasVdl

Export Last Sign-in data for all users

GitHub

mattiasvdlbe/Azure Active Directory/ExportLastSigninAllUsers

Why?

We wanted to do a clean-up of our Microsoft tenant.
All accounts which where inactive for a long time needed to be removed.
We noticed there was no way to make a quick export of the “Last sign-in” date of all users.
You can visualise these dates in the Microsoft Entra user page, but if you create an export of the users, this data is missing.

Microsoft Entra admin center – Last (non-)interactive sign-in time

What?

Script which creates a .csv export containing the Last interactive and non-interactive sign-in for all users on the tenant.
The data in this export can be successful or unsuccessful.

How we got here?

After some searching, I found a way to export this data using PowerShell and the AADPreview module.
However, on further inspection, I noticed the export was limited to only 1000 records.
This was by far insufficient, as it only covered a couple of days of activity on our tenant.

The search continued.
In the end, I arrived at the Microsoft Graph as the easiest way to create an export of the list Sign-in data from the users in our tenant.

While exploring what I could export from the Graph, I found the correct data but noticed the data was paged, as it the number of records was to big.
You couldn’t view all records in one go.
Also the data was in .json format which wasn’t ideal.

While searching for a way to export all records to 1 .csv file, I came across this great response of “JanardhanaVedham-MSFT” on a post on the Microsoft Learn website.
The script he posted was exactly what I was looking for and worked perfectly fine.

Below I’ll explain in a bit more detail how exactly I got it to work.

How it works

Create an Azure App Registration

Specify a name for this app registration.
All other settings are set correctly.

Microsoft Entra admin center – App Registration

Specify the API permissions for this app.
You can delete the default “User.Read.All” permission with Type “User”.
Then add the following 2 “Application permissions”:
– AuditLog.Read.All
– User.Read.All

After adding these permissions you’ll have to Grant admin consent for MSFT.
For this you’ll need a Global Administrator.

Microsoft Entra admin center – App Registration – API permissions

Copy the “Application (client) ID” and “Directory (tenant) ID” to the PowerShell script you can download on my GitHub.

Microsoft Entra admin center – App Registration – App ID & Tenant ID

Finally, we need to create the App Secret.
Go to “Cetificates & secrets” and create a new “Client secret”
You can chose description and the time the secret will be valid.

Microsoft Entra admin center – App Registration – Create Client Secret

After creating the Client secret, you can copy the “Value” to the Powershell script, and afterwards, the script should be working.

Microsoft Entra admin center – App Registration – Client Secret Value

Make sure to copy the Client Secret immediately, as it will be hidden automatically after the admin logs off, and possibly after some time.
It’s not possible to retrieve this secret afterwards.

Microsoft Entra admin center – App Registration – Client Secret Value Hidden

In case you forgot to copy the secret value, and it’s hidden, you’ll have to create a new one.
Also remember this secret is only valid for the specified period.
You will need to create a new secret after this period if you want to keep using the script.

Run the script now you’ve filled in the necessary Azure App Registration details.

You’ll find the export here:

C:\Temp\ReportUserSignin.csv

All set to open the report in Excel, or any other application you want to use to analyse or work with the .csv file.

Get this data through Postman

You can also access this data through Postman.
Below I’ll go through the steps to set Postman up and get this same export.

First, Install Postman on your pc.
Postman API Platform
You can also use it in your browser, but you’ll need to perform an extra step then. This is explained well in the video Jeremy Thake made (Getting started with Microsoft Graph Postman workspace (youtube.com).
I’ll cover how I got it to work in the desktop version.
Once you’ve got Postman installed, it will ask you to create an account.
Do this and once your signed in, and got Postman open on your pc, you can continue.
Go to https://aka.ms/graphpostmanwkspc and create a fork of this workspace.

Postman – Create a fork of Microsoft Graph workspace

Open de desktop app of Postman and add your “Environment”.

Change the name of the environment to something you’ll recognise.
In my case I’ve used my tenant name “MattiasVdl”.
Then add the 3 variables we’ll need:
– ClientID
– ClientSecret (I’ve made the Type “Secret” as I prefer the secret to be hidden after it’s entered)
– TenantID

The values you need to fill in here need to be created by creating an new App Registration for Postman.

Create a new App registration in Microsoft Entra.
Give it a name, and don’t forget to set the “Redirect URI” to “Web” and https://oauth.pstmn.io/v1/browser-callback

This is also described in the “Get Started part in the Graph Workspace you just forked.

Microsoft Graph workspace – Get started – Step 2: Create an Azure AD application

Copy the “Application (client) ID” and paste it under “ClientID” in the Environment you created.
Do the same for the “Directory (tenant) ID” which needs to be pasted under “TenantID” in the Environment.

Postman – Environment – ClientID & TenantID

After adding these permissions you’ll have to Grant admin consent for MSFT.
For this you’ll need a Global Administrator.

Now we’re only missing the “Client Secret”.
For this we’ll need to create a new “Client secret” for the App registration we made.

Copy the “Value” of the client secret you created, and paste it under “ClientSecret” in your newly created environment in Postman.

Make sure to copy the Client Secret immediately, as it will be hidden automatically after the admin logs off, and possibly after some time.
It’s not possible to retrieve this secret afterwards.
In case you forgot to copy the secret value, and it’s hidden, you’ll have to create a new one.
Also remember this secret is only valid for the specified period.
You will need to create a new secret after this period if you want to keep using the script.

Don’t forget to Save the configuration of your Environment

Make sure you have your Environment selected on the top right in Postman, then go to the “Application” folder in the fork you created and go to the tab “Authorization”.
This is where we’ll have to request our token to be allowed to make the calls to the Graph.

Postman – Microsoft Graph workspace – Application – Authorization

When you hover over the text in red, you’ll notice the values of your environment are being used.

Postman – Microsoft Graph workspace – Application – Authorization – Hover over variables

Scroll all the way down and click on “Get New Access Token”
You should receive this notification.

Postman – Microsoft Graph workspace – Application – Authorization – Authentication complete

Click on “Proceed”, and you’ll see the token.
Click on “Use Token”

Postman – Microsoft Graph workspace – Application – Authorization – Use Token

Now you should see the token is saved in the application

Postman – Microsoft Graph workspace – Application – Authorization – Token loaded

Everything is set up now to make the request for the data through Postman.
First I create a new folder under “Application” in my fork of the Microsoft Graph.
In this folder I’ll save my own requests.
Here you’ve got an example of the request I created and executed in Postman.

Postman – Microsoft Graph workspace – Application – New Request created and called

The results we get back from Postman are in .json format, so you’ll have to convert it in case you want it in another format.
Also, this method does not load all row, but limits it to the top 999 in this case.
Exporting many more than 1000 records is not recommended.
Instead you should use paging, which will then add “@odata.nextlink” to the export, to link you through to the request which will give you the data for the next x-number of records.
Example below:

Postman – Microsoft Graph workspace – Application – New Request – First response with nextlink

Postman – Microsoft Graph workspace – Application – New Request – Response from nextlink

Sources

Graph Explorer | Try Microsoft Graph APIs – Microsoft Graph
- Response of “JanardhanaVedham-MSFT” on this post on the Microsoft Learn site.
  https://learn.microsoft.com/en-us/answers/questions/658043/export-of-graph-query-results
  - Use Postman with the Microsoft Graph API – Microsoft Graph | Microsoft Learn
  - Use query parameters to customize responses – Microsoft Graph | Microsoft Learn

Manage window location using a script

GitHub

mattiasvdlbe/Windows/ManageAppLocation

Why?

We where asked to help with setting up the work desk of the operator of a new line which was being installed.
After talking to the people involved in the project, the operators and analysing what there exact requirements, we ended up suggesting 2 big 43″ 4k displays connected to 1 pc.

This made sure we had enough screen real estate to display all of the tools and applications which they need to do there job, but the default Windows window snapping system is insufficient.
The operator has more than 8 different windows, and some need to be shown bigger than others.

We could use FancyZones, which is part of Power Toys to customize where and how the different windows can be snapped in place.
However, if the user needs to snap all the different windows in place every time the pc is restarted, this would get really annoying.

We decided to check if we couldn’t achieve this with just a hotkey on the keyboard which calls a script.

After doing some research, I found the best and easiest way to achieve this currently is using a command line utility called NirCmd from NirSoft.

I would have preferred not having to use a 3rd party utility to achieve this, but this didn’t seem to be possible yet, or wasn’t as user friendly.
In the near future, we might be able to use the upcoming API exposed by the Windows UIAutomation platform, but this is only available at the moment if the Windows Insider Preview SDK is installed.

What?

Script in which we specify the size of specific windows, and where they need to be positioned on the screen.

NirSoft – NirCmd

Small application which allows you to do some usefull tasks without displaying any user interface.

I came across this application when I was looking for a way to control where different application windows would be located with the press of a button.
This was needed to make is easier / faster for the operator of the machine to get all his monitoring screens, camera feeds and others opened and positioned on the 2 big 43″ public displays he has in front of him.

How I exactly used this application to achieve this, is described in another post.

NirSoft – NirCmd

License: Freeware

Interesting websites when comparing / considering EV’s

Website with loads of information about EV’s and realistic range numbers:
https://ev-database.org/

EV-Route planning. How many times will you need to stop to charge, and where?
https://abetterrouteplanner.com/

Mobiliteit berekening

What I’m writing about in this post is based purely on my own calculations and insights on mobilty in Belgium / Flanders.
As such, I don’t think this will be relevant for people outside of Flanders, Belgium.
For this reason I’ve decided to write the rest of this article in Dutch.

Een tijdje terug heb ik een spreadsheet opgemaakt om te berekenen wat zelf een nieuwe wagen kopen, een wagen via de firma met loonsopoffering, of met het openbaar vervoer naar het werk beginnen gaan, me zou kosten.

https://docs.google.com/spreadsheets/d/1kyb4nBlMY5UkK5EkPmJ7hgfUBMLVec-qG9SstS6RTOE/edit?usp=sharing

Change the language of the users mailbox

A new employee started at the company I work for.
He speaks German, and our environment is set up in Dutch.

After creating and setting up his account, we noticed his mailbox remained in Dutch, even though we set the language everywhere we could in the GUI and AD to German (de-DE).
This included the changes I wrote about in this post:
https://www.mattiasvdl.be/display-language-in-hybrid-environment/

Outlook – Foldernames in Dutch while everything else in German

As everything is in German (web browser, Windows, Microsoft 365, …) except for his mailbox which was displayed in Dutch, I decided to user the Exchange Powershell module in order to check if I can find any language or regional settings which might be hidden in the UI.

And what do you know! That’s exactly what I found. A hidden setting in Exchange online which specifies the language of the mailbox.

Powershell ExchangeOnline module – MailboxRegionalConfiguration shows the hidden language setting

After changing the language here, you can force the folder names to be reset by starting Outlook using the “/resetfoldernames” argument.

The foldernames should now be displayed in the language you specified using Powershell.

Below you can find the code I used:

# Install the ExchangeOnline module incase you haven't got the module yet:
Import-Module ExchangeOnlineManagement

# Connect to ExchangeOnline:
Connect-ExchangeOnline -UserPrincipalName %YourAdminUPN%

# Check what language is currently set for the user:
Get-MailboxRegionalConfiguration -Identity %UPNOfTheUserMailbox%

# Change the language for this mailbox:
Set-MailboxRegionalConfiguration -Identity %UPNOfTheUserMailbox% -Language %LanguageCode%

# Disconnect from ExchangeOnline:
Disconnect-ExchangeOnline

The language codes you can use can be found here:
[MS-OE376]: Part 4 Section 7.6.2.39, LCID (Locale ID) | Microsoft Learn

Outlook – Teams Meeting – Change language of invite

Without meeting policy

By default, most users have the Office Display Language set to their native language.
When sending out a Teams meeting request in Outlook, you will notice this meeting request will use the Office Display Language.

If you prefer the meeting request to be sent out in a different language, you’ll have to adjust your Office Display Language to the language you prefer for the meeting requests.

Outlook – Change Office display language

After changing the Office display language, restart Microsoft Outlook and restart Outlook.

Note: After restarting Outlook, you’ll notice the first Teams meeting invite you try to create will still be in the language that was previously set.
Just close this meeting request and create a new one.
This one should be in your new Office display language.

Using a policy to set default meeting request language

In an Organisation environment, it might be more interesting if this can be managed by the system administrators.

It is possible to pin the language used for the meeting invites down by using a Teams Policy.
The option which needs to be set is sadly enough not visible in the Teams Admin Center, so we’ll have to adjust this setting through Powershell.
For this we’ll need to use the MicrosoftTeams Module.

Below you’ll find the PowerShell commands which I used to add the Teams Meeting invite in 2 languages when you click on the Teams Meeting button in Outlook.

Outlook – Example 2 languages in meeting request

As this is a policy change, you will need to have a policy group to which you want to assign it.
I’ve created a new Meeting Policy (MattiasVdlTestGroup) just for testing functionality:

In case you haven’t installed the MicrosoftTeams module yet in PowerShell, execute the following code:

Install-Module -Name MicrosoftTeams -Scope CurrentUser

When you’ve got the module installed, connect to your tenant using the command:

Connect-MicrosoftTeams

A pop-up window will appear in which you will have to select the account which has Teams admin rights.

First I want to check to make sure the custom Meeting Policy I created can be found and what settings can be set for it.
For this I used the following command:

Get-CsTeamsMeetingPolicy

This gave me this result:

Next we want to the languages for the meeting requests.
In my case, I’ve set the language “en-GB” and “it-IT”.
This is done with the following code:

Set-CsTeamsMeetingPolicy -Identity "MattiasVdlTestGroup" -MeetingInviteLanguages "en-GB,it-IT"

Language codes can be found here:
[MS-OE376]: Part 4 Section 7.6.2.39, LCID (Locale ID) | Microsoft Learn

Finally I wanted to assign this Meeting Policy to a custom security group I created in Azure Active Directory.
This is done in the Teams Admin Center:

Teams Admin Center – Group policy assignment

The policy with the lowest number has the highest priority.
More information about this:
Assign policies to users and groups – Microsoft Teams | Microsoft Learn

Source:

Teams Meeting Invitation Language Set by Meeting Policy (office365itpros.com)

Package and Upload Intune Win32 app using .ps1 script

GitHub

mattiasvdlbe/MS Endpoint Manager/Apps/PackageAndUploadIntuneWin32AppUsingPs1Script

Why?

A couple of months ago, I needed to create a lot of Win32 apps.
As I knew these apps would have to be updated and repackaged quite a few times in the future, I decided it would be worth the effort to automate this process using a script.

The purpose of these apps was to create a shortcut under the Start Menu of the end user which points to a script placed under %PROGRAMDATA%.
When executing this script, a check was done to see if the end user is working in the office or remote.
If the end user works remotely, then the application is started in an RDS environment. Otherwise, the app gets started locally on his device.

This post is focussed on the deployment of Intune Win32 apps using a Powershell script, and as such doesn’t contain the code I mentioned above.

What?

PackageAndUploadIntuneWin32App.ps1
This Powershell script contains all of the code to generate the 3 needed Powershell scripts, package the application and upload it to Intune.

The 3 Powershell scripts which need to be generated:
– App_MattiasVdl_Setup.ps1
This script is used to create the shortcut under the start menu, and copy the script, which is executed by the shortcut, to the correct location.
– App_MattiasVdl.ps1
This is the script which gets executed when a user clicks on the shortcut which was created under the Start Menu.
All logic which was in this script has been removed, and all it does now is display a message box.
– App_MattiasVdl_Detection.ps1
This script is used by Intune to detect whether or not the application has been correctly installed on the device.

To start off with, a lot of variables are declared which are later used in the application.

We specify an array which contains the different types of scripts which need to be created.

The script makes use of “template” scripts, in which there are strings of text that get replace by the correct values.
The location of these template scripts is defined in the variables.

We also specify in these variables what the name of the application needs to be, what icon to use and the log which should be used in Intune.

We use a foreach loop to generate the necessary scripts.

First we load the script into a variable, and save the output URL to a variable so we can use it later.

Next we modify the script which we loaded into a variable.
We replace all instanced of the variables we placed in the template (using the “{}” as a way to easily be able to replace the strings without replacing things which shouldn’t be replaced.

Then the modified script gets saved to the output URL which we saved to a variable earlier.

The script copies the icon over from the original location to the folder which will be be packaged and uploaded to InTune.

All necessary preparations have now been done and we’re ready to package the application.
This is done using the IntuneWinAppUtil.exe, which is also available on my Repository, but I recommend you download the latest version of this app from the original creator (microsoft/Microsoft-Win32-Content-Prep-Tool).

Now it’s time to upload the application to InTune.
First we set some of the variables which will be used.
Change the TenantID in line 106 “Connect-MSIntuneGraph” to your own TenantID.

In my example script I’m not setting any dependencies, supersedence or assignments.
These can all be added automatically, but in my case, I prefer to manually check up on the applications which are uploaded and assign them to the relevant groups manually.

App_Link_Application_Setup.ps1

This script contains the base code, which is edited by the main script, and is used to install the application script and shortcuts on the end-user device.

Note:
There are multiple ways of adding folders and files to your Start Menu.
Only for 1 user: %APPDATA%\Microsoft\Windows\Start Menu\Programs
For all users: %PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs

Also keep in mind that the name of the shortcut can’t be the same of the name of the folder. If the name of the folder is identical to the name of the shortcut, then the folder will not be shown!