portal.microsoftonline.com down (fixed)

It seems portal.microsoftonline.com is down. This may affect OnedriveMapper users: some tenants seem to get redirected to portal.microsoftonline.com during the logon process, but many don’t. If you’re affected, open a ticket with Microsoft.

OnedriveMapper will show this in the log: | ERROR | Error detected while following redirect, check the FAQ for help

Update: it seems only ADFS / federated tenants are affected.

Update: the RPT update command seems to have fixed the issue for most of those affected.

OnedriveMapper v3.14 released!

Version 3.14 of OneDriveMapper has been released:

  • Added an ‘always reset IE cookies’ option
  • Completely revamped the way you configure mappings (make sure you read the help in the code!)
  • Optionally, map to Network Locations instead of drive letters (thanks Tom!)
  • Most options are no longer mandatory
  • OnedriveMapper Cloud no longer supported (as announced last year)
  • New and greatly enhanced Folder Redirection functions, including automatic copying of source content
  • Optional client certificate selection based on certificate template name
  • Automatic certificate refresh if no client certificate is present, when using client certificates as auth mode
  • Some bugfixes and major code cleanup
  • Usage of an environment variable to determine the mapping drive letter removed

As always, make sure to test before deploying to production; I’ve only tested Azure AD and a single ADFS setup.

Get the new version here

Set Intune MDM user scope to ALL using PowerShell and hidden API

If you want to change the settings on this page (or most Azure Portal pages) programmatically:

Microsoft will tell you to use your browser; there is no API/PowerShell for this yet. As I really hate the answer “no”, I used Fiddler and baked some PowerShell:


# Sign in, then read the tenant ID and the cached refresh token from the AzureRM context
Login-AzureRmAccount
$context = Get-AzureRmContext
$tenantId = $context.Tenant.Id
$refreshToken = $context.TokenCache.ReadItems().RefreshToken
# Exchange the refresh token for an access token for the portal API resource
$body = "grant_type=refresh_token&refresh_token=$($refreshToken)&resource=74658136-14ec-4630-ad9b-26e160ff0fc6"
$apiToken = Invoke-RestMethod "https://login.windows.net/$tenantId/oauth2/token" -Method POST -Body $body -ContentType 'application/x-www-form-urlencoded'

# Headers as captured from the portal's own request
$header = @{
    'Authorization'          = 'Bearer ' + $apiToken.access_token
    'Content-Type'           = 'application/json'
    'X-Requested-With'       = 'XMLHttpRequest'
    'x-ms-client-request-id' = [guid]::NewGuid()
    'x-ms-correlation-id'    = [guid]::NewGuid()
}
$url = "https://main.iam.ad.ext.azure.com/api/MdmApplications/eab0bcaf-9b2e-4e62-b9be-2eea708422f8?mdmAppliesToChanged=true&mamAppliesToChanged=true"

# Captured request body; mdmAppliesTo and mamAppliesTo are both set to 2 here
$content = '{"objectId":"eab0bcaf-9b2e-4e62-b9be-2eea708422f8","appId":"0000000a-0000-0000-c000-000000000000","appDisplayName":"Microsoft Intune","appCategory":null,"logoUrl":null,"isOnPrem":false,"appData":{"mamEnrollmentUrl":null,"mamComplianceUrl":null,"mamTermsOfUseUrl":null,"enrollmentUrl":"https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc","complianceUrl":"https://portal.manage.microsoft.com/?portalAction=Compliance","termsOfUseUrl":"https://portal.manage.microsoft.com/TermsofUse.aspx"},"originalAppData":{"mamEnrollmentUrl":"https://wip.mam.manage.microsoft.com/Enroll","mamComplianceUrl":"","mamTermsOfUseUrl":"","enrollmentUrl":"https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc","complianceUrl":"https://portal.manage.microsoft.com/?portalAction=Compliance","termsOfUseUrl":"https://portal.manage.microsoft.com/TermsofUse.aspx"},"mdmAppliesTo":2,"mamAppliesTo":2,"mdmAppliesToGroups":[],"mamAppliesToGroups":[]}'
Invoke-RestMethod -Uri $url -Headers $header -Method PUT -Body $content -ErrorAction Stop

You can do almost anything using the above snippet by changing the endpoint URL and the request body. Use Fiddler to capture, then replicate in code 🙂

Be warned and use at your own risk; obviously, this method is unsupported.
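An added example, not part of the original post: a local check of the access token's claims before it is sent with a write request like the PUT above, so the call only goes out with a token for the intended tenant and resource. It assumes the token is a JWT whose aud claim carries the resource ID requested above and whose tid claim is the tenant ID; Test-PortalToken, the helper functions and the sample token are constructed here.

```powershell
# Added example. Decodes the JWT payload only; it does not verify the signature.
function ConvertFrom-Base64Url([string]$Text) {
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function ConvertTo-Base64Url([string]$Text) {
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Test-PortalToken {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string]$ExpectedTenantId,
        # Resource ID from the token request in the post (assumed to appear as 'aud')
        [string]$ExpectedAudience = '74658136-14ec-4630-ad9b-26e160ff0fc6'
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT (expected three dot-separated parts)' }
    $claims  = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)

    $problems = @()
    if ($claims.aud -ne $ExpectedAudience) { $problems += "aud is '$($claims.aud)'" }
    if ($claims.tid -ne $ExpectedTenantId) { $problems += "tid is '$($claims.tid)'" }
    if ($expires -le [DateTimeOffset]::UtcNow) { $problems += "expired at $expires" }

    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = $problems; Expires = $expires }
}

# Constructed sample token (placeholder tenant ID, dummy signature) so this runs offline
$tenant  = '00000000-0000-0000-0000-000000000001'
$payload = @{
    aud = '74658136-14ec-4630-ad9b-26e160ff0fc6'
    tid = $tenant
    exp = [DateTimeOffset]::UtcNow.AddMinutes(30).ToUnixTimeSeconds()
} | ConvertTo-Json -Compress
$sample = (ConvertTo-Base64Url '{"alg":"none"}') + '.' + (ConvertTo-Base64Url $payload) + '.sig'

Test-PortalToken -AccessToken $sample -ExpectedTenantId $tenant          # matching tenant
Test-PortalToken -AccessToken $sample -ExpectedTenantId 'another-tenant' # reports the tid mismatch
```

In the snippet above, the call would be Test-PortalToken -AccessToken $apiToken.access_token -ExpectedTenantId $tenantId, placed before the Invoke-RestMethod PUT.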

Edit 2021: I highly recommend using my new MFA-proof independent token function to call the main.iam API.