Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Oct19 Meetup: Modern Workplace Management by Mirko Colemberg

Oct19 Meetup: Modern Workplace Management by Mirko Colemberg

The cloud-based modern workplace is the workplace of the future. It offers a great user experience to the employee. But how does it look on the other side, when it comes to the management and administration tasks? In this session we dive into advanced modern workplace management. We will speak about updates to systems and software, automation via Microsoft Graph and Powershell and the analysis of environments with Analytics Services.

About Mirko Colemberg:
Mirko is a Principal Architekt and works for baseVISION, a Microsoft Partner Company, this Company is focused in System Center Configuration Manager and Enterprise Mobility. Mirko works as a Principal Consultant in Small to Medium and Medium to Large Companies to implement Configuration Manager and Intune. He supports also Project Management and has done more than 30 HW/SW Rollouts in the past years.

Mirko is the founder, leader and speaker of the User Group “Configuration Manager Community Event” in Switzerland (configmgr.ch). He share his knowledge to others with a blog (blog.colemberg.ch.) and as a passionate MCT on Class trainings for SCCM and Intune. He is also on Big MS Events like TechEd and MS Ignite as a MCT-Ambassador involved to help Attendees to find the right Certification Way and also give tips to pass the Exams primarily for Configuration manager stuff.

You can find him at:
Blog: https://blog.colemberg.ch/
Twitter: https://twitter.com/mirkocolemberg

Azure Zurich User Group

October 29, 2019

More Decks by Azure Zurich User Group

Other Decks in Technology


  1. About me… Mirko Colemberg Workplace Mentor Windows Insider MVP /

    Enterprise Mobility MVP / MVM Contact Me: Twitter: @mirkocolemberg Blog: http://blog.Colemberg.ch Mail: [email protected]
  2. Scope Tags Tags are used to tag for example objects

    in Intune. These objects can be devices, policies, profiles and so on. If you have a group of device objects, you have to tag them separately. Unfortunately, there is no possibility of tagging a whole bunch of clients at the same time. In this case it is easier to use a script and do it with Graph API: https://github.com/microsoftgraph/po wershell-intune- samples/tree/master/RBAC#12- rbac_scopetags_deviceunassignps1
  3. Scope Group Scope Group means that there are some users

    or devices to manage such as a limited group of objects like devices (iOS, Android or Windows) or only part of them such as all iOS from Marketing, etc.
  4. Member Group Member are one or a group of people

    who have to manage the objects in the Scope Group.
  5. Role Roles have different kinds of permissions. A role can

    have only “Read” rights on specific objects or “Write” or “Create” rights. We can for example grant access to create a new configuration profile or only change a Config profile with reading and writing access. A role can be used multiple times.
  6. Assigenment The Assignment contains Tags, Groups and Group Members. They

    are assigned to a role, which is able to only one or even multiple assignments.
  7. Microsoft GRAPH HTTPS://GRAPH.MICROSOFT.COM/ A unified REST API endpoint Single resource

    that proxies multiple Microsoft services Allows for easy traversal of objects and relationships Access to data and intelligence Eliminates the need to discover endpoints Only one OAuth access token needed Available as a public API
  8. Microsoft graph – calling the API • Version: /v1.0 or

    /beta • Resource / Route: /users, /groups, /sites, /drives, /devices, more… • Member from collection: /users/dave • Property: /users/dave/department • Traverse to related resources via navigations: /users/dave/memberof • Query parameters: /users/dave/memberof?$top=5 o Format results: $select $orderby o Control results: $filter $expand /{version} ?{query-parameters} /{resource}/{id}/{property} /v1.0/users?$filter=u serPrincipalName eq '[email protected]'
  9. Microsoft Graph – Query Format REST requests use Standard HTTP

    methods GET POST PUT PATCH DELETE Provides the ability to pull data from Microsoft Graph Provides the ability to POST / ADD data into Microsoft Graph Provides the ability to PUT / ASSIGN data into Microsoft Graph Provides the ability to PATCH / UPDATE resources Provides the ability to DELETE individual resources from Microsoft Graph Data returned in JSON format Data sent to the service in JSON format Data sent to the service in JSON format Data sent to the service in JSON format
  10. Microsoft Graph – Relationships Microsoft Graph can show the relationships

    that it has with different resources GET: https://graph.microsoft.com/v1.0/me { "displayName": "Tenant Admin Account", "preferredLanguage": "en-US", "userPrincipalName": [email protected] } GET: https://graph.microsoft.com/v1.0/me/memberOf { "@odata.type": "#microsoft.graph.group", "id": "ee0af6a3-db7c-47dd-ac77-b74e2a1b8676", "displayName": "All Users" } GET: https://graph.microsoft.com/v1.0/me/ownedDevices { "value" : […] } GET: https://graph.microsoft.com/v1.0/me/assignedLicenses { "disabledPlans": [], "skuId": "9bc22083-45c4-4d60-93f1-39a540ac7649“ } Groups Devices Licenses
  11. What is JSON? JSON (JavaScript Object Notation) is a lightweight

    data-interchange format A collection of name/value pairs. In various languages, this is realized as an object, record, struct, dictionary, hash table, keyed list, or associative array. An ordered list of values. In most languages, this is realized as an array, vector, list, or sequence. { "userPrincipalName": "[email protected]", "accountEnabled": true, "passwordProfile": { "password": "Password123", "forceChangePasswordNextLogin": false }, "mailNickname": "bob", "usageLocation": "GB", "displayName": "Bob Smith" }
  12. Using the API – Graph Explorer Request and see responses

    from Microsoft Graph Supports v1.0 and beta APIs Provides Sample Queries Activity History
  13. F12- Developer Mode • F12 in any web browser will

    bring you the developer mode • Here you can see all the Graph API calls and which methods that’s being used.
  14. Intune – PowerShell Module Available on GitHub today and in

    PowerShell Gallery: https://aka.ms/intunepowershell https://www.powershellgallery.com/pa ckages/Microsoft.Graph.Intune Supports v1.0 Graph Endpoints Parameter sets for properties PowerShell credentials for Authentication PowerShell Pipeline
  15. Reporting / Audit - Graph - Intune DWH - Overview

    - Seperated in every Section - Summary?