blog.atwork.at

news and know-how about microsoft, technology, cloud and more.

Unlocking Secrets: The Key Vault Role You Need

In my use of Azure Key Vault with code and flows with Managed Identities, I moved to role-based access control (RBAC) to manage access to secrets and certificates. However, I encountered a problem when using the Key Vault Reader” role as it denied me the required access to secret content. This experience highlighted the importance of understanding the specific roles within Azure Key Vault, and I want to share this insight to help others avoid similar pitfalls.

Grant permissions to the GT365 app

Our Governance Toolkit 365 (GT365) provides information and automation solutions for a Microsoft 365 tenant. In order to use the functions, this app must be approved by an administrator. In addition, new solutions are constantly being added. Some of these also require new permissions. You can find out how you as an administrator can grant and renew these permissions here.

Retrieve User PIM Role Assignments and History with Microsoft Graph REST API

Microsoft Entra Privileged Identity Management (PIM) allows administrators to manage role assignments efficiently, ensuring that users have the necessary permissions only when needed. By following a few simple steps, administrators can make users eligible for specific roles, activate roles as required, and manage both built-in and custom roles. This process enhances security by minimizing the duration and scope of privileged access, making it a crucial tool for maintaining a secure and compliant environment. In this article, we explore how to read a user's Microsoft Entra roles and history using PIM and the Microsoft Graph REST API.

List Flows as Admin V2 API endpoint

A year ago, Microsoft announced the Transition to List Flows as Admin V2 action from deprecated List Flows as Admin action” for Power Automate. Well, we were using the old API endpoint until it stopped working recently. It took some time until we found workarounds or a successor. Also the PnP modules still are using the old API, and the endpoint address is currently not documented on any Microsoft website. Find it here!

GT365-Team deep links no longer work in v2 client

Microsoft is rolling out the new Teams v2 client. This is now a Single Page Application (SPA), which means generated deep links no longer work. Unfortunately, this also affects the GT365 solution 09 and 11, e.g. to open the settings of a team and the management of members with a button. Here you can find out why this is the case and what workarounds are possible.

Azure Logic Apps Toolbox 10-Dynamic access to keys and values ​​in a JSON object

In Azure Logic Apps, looping through objects is a common requirement. When we have prior knowledge of an object’s properties, the process is straightforward. However, things get more challenging when attempting to access properties dynamically. See a method to access data in a JSON object dynamically here.

Working with Microsoft Entra ID Applications - Part 2

In Part 2 of this series we look into setting up and managing applications in a Microsoft 365 tenant. In Part 1, I focused on how Azure AD applications can be used to provide secure access control to data and services. I demonstrated how to create an Azure AD application in the home tenant and the importance of integrating with Azure AD for centralized app registration, management, and security measures.

Working with Microsoft Entra ID Applications - Part 1

Microsoft Entra ID (or Azure AD) applications are cloud-based applications that can be integrated with Azure AD for authentication and authorization purposes. Using such applications provides a way to centrally manage and secure access to your cloud-based applications and services using Azure AD identities and credentials.

Create a new Viva Engage Community with Graph

In early 2023, Microsoft renamed Yammer to Viva Engage. This year we see the first small integration of Viva Engage with Microsoft Graph in beta. This article shows how to provision a new Viva Engage community, add owners and members using Graph in an Azure Logic app.

atwork wins the Microsoft Austria Partner Innovation Award 2023

Congratulations to the atwork team behind the Sign Language Project (SLRproject.ai) for winning the Microsoft Austria Partner Innovation Award 2023! The project aims to develop a machine learning model that can automatically translate Sign Language into text and transmit this text into various communication programs, such as Microsoft Teams. It is an innovative development and research project for sign language recognition with Azure AI.

Dear Microsoft Entra Administrator, allow Guest users to leave-lifecycle and governance for external user accounts

This article describes the current issues with blocked guest user accounts and how to mitigate some of them. You will also see some recommended ways to improve lifecycle management while still have a good governance in place.
Sometimes being a guest in Microsoft Entra tenants feel like Hotel California:

You can check-out any time you like, but you can never leave!”