Azure PowerShell MFA and Device Commands

As a guy who really likes to script things, I was very happy to read this today:

Firstly, my PowerShell scripts / sessions can now be secured using MFA without having to rewrite my scripts, except those where I built the Credential object with preset credentials... but that’s old anyway.

Secondly, I can now finally manage Registered Devices with the same Module, allowing me to use these commands:

  • Get-MsolDevice
  • Enable-MsolDevice
  • Disable-MsolDevice
  • Remove-MsolDevice

You can use either the owner’s UPN or the device ID with these commands.


Slowly but surely, the Office 365 dev team is adding reporting functionality to their platform, to the delight of admins and managers alike. For admins it means a lot fewer scripts to write; for managers it means knowing... stuff.

One report I missed was a report that tells me when users last logged on. Because if I have thousands of users, and they all consume licenses... I’d very much like to strip licenses from users that haven’t logged in for x amount of time.

Especially for companies with geographically dispersed users and inefficient exit procedures, this can save a lot of licensing costs over time.

My report was built in PowerShell and checks the last time the mailbox was accessed to determine the last logon date. This is not perfect: I can imagine some organisations use specific licenses just for Skype or Dynamics, and they will not benefit as much from this script, but 99% of the time it should suffice 🙂

The script will list the user UPN, Name, Last Logon, Creation Date, Usage Location, Mailbox Size and Used Licenses.

Download: LicReport365_v0.5
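
The approach described above, as an added example that is not the LicReport365 script: it assumes an existing `Connect-MsolService` session plus an Exchange Online remote session for `Get-MailboxStatistics`. The function names, the 90-day threshold and the sample user are assumptions made for illustration.

```powershell
# Added example, not the LicReport365 script. Function names and the
# 90-day threshold are assumptions.
function New-LicenseReportRow {
    param(
        [Parameter(Mandatory)] $User,   # shaped like Get-MsolUser output
        $MailboxStats,                  # Get-MailboxStatistics output, or $null
        [datetime] $Cutoff = (Get-Date).AddDays(-90)
    )
    $lastLogon = if ($MailboxStats) { $MailboxStats.LastLogonTime } else { $null }
    $size      = if ($MailboxStats) { $MailboxStats.TotalItemSize } else { $null }
    # Keep "no mailbox" and "never logged on" apart from "stale": a Skype- or
    # Dynamics-only user has no mailbox activity to measure.
    $status = if (-not $MailboxStats) { 'NoMailbox' }
        elseif (-not $lastLogon) { 'NeverLoggedOn' }
        elseif ($lastLogon -lt $Cutoff) { 'Stale' }
        else { 'Active' }

    [pscustomobject]@{
        UPN           = $User.UserPrincipalName
        Name          = $User.DisplayName
        LastLogon     = $lastLogon
        Created       = $User.WhenCreated
        UsageLocation = $User.UsageLocation
        MailboxSize   = $size
        Licenses      = $User.Licenses.AccountSkuId -join ';'
        Status        = $status
    }
}

# Live collection: every licensed user, with mailbox statistics where they exist.
function Get-LicenseReport {
    param([int] $StaleAfterDays = 90)
    $cutoff = (Get-Date).AddDays(-$StaleAfterDays)
    Get-MsolUser -All | Where-Object { $_.IsLicensed } | ForEach-Object {
        $stats = Get-MailboxStatistics -Identity $_.UserPrincipalName -ErrorAction SilentlyContinue
        New-LicenseReportRow -User $_ -MailboxStats $stats -Cutoff $cutoff
    }
}

# Constructed sample (not tenant data): a licensed user without a mailbox.
$sampleUser = [pscustomobject]@{
    UserPrincipalName = 'alice@contoso.example'; DisplayName = 'Alice Example'
    WhenCreated = [datetime]'2015-01-10'; UsageLocation = 'NL'
    Licenses = @([pscustomobject]@{ AccountSkuId = 'contoso:MCOSTANDARD' })
}
New-LicenseReportRow -User $sampleUser -MailboxStats $null   # Status: NoMailbox
```

Only rows with Status `Stale` are candidates for license removal; `NoMailbox` and `NeverLoggedOn` need a second signal before a license is stripped.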



Azure Domain Services

Now isn’t this awesome?

Azure finally announces full support for all services that use Domain Controllers, natively! No more building your domain controllers on VMs in Azure; it’s become an actual service with these (and more) features:

  • Native support (works like a real domain controller) for all protocols (Kerberos, NTLM, LDAP)
  • Group policies
  • Domain joins for devices
  • Compatible with and linked to Azure AD
  • Priced per hour

If you have your own domain, don’t forget to set up AADConnect with password sync enabled.

And this is a bit inconvenient, but if you’re running on Azure AD only, you’ll have to expire the passwords of all your users first.

But still, a much requested and anticipated feature we can finally start playing with!