Tag Archives: Azure

Connect-PnPOnline with certificate stored in Azure Key Vault

# cert stored in KeyVault
$orgName = "orgname"
$tenant = "$orgName.onmicrosoft.com"
$adminUrl = "https://$orgName-admin.sharepoint.com"
$clientID = "xxxx5b29-xx3d-xx0d-9axx-exxxxxxxxxfx"
$VaultName = 'AutomationVaultName'
$certName = 'CertificateName'
$secretSecureString = Get-AzKeyVaultSecret -VaultName $vaultName -Name $certName 
$secretPlainText = ConvertFrom-SecureString -AsPlainText -SecureString $secretSecureString.SecretValue
$secretByte = [Convert]::FromBase64String($secretPlainText)
$x509Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($secretByte, "", "Exportable,PersistKeySet")

Connect-PnPOnline -Url $adminUrl -ClientId $clientID -Certificate $x509Cert -Tenant $tenant 

Based on:

https://docs.microsoft.com/en-us/powershell/module/az.keyvault/get-azkeyvaultcertificate?view=azps-5.3.0

https://stackoverflow.com/questions/43837362/keyvault-generated-certificate-with-exportable-private-key

Long-running PowerShell Office 365 reports

(WIP)

PowerShell is our best friend when it comes to ad-hoc and/or scheduled reports in Microsoft 365. PnP team is doing great job providing more and more functionality with PnP PowerShell module for Office 365 SharePoint and Teams.

Small and medium business organizations are mostly good, but for large companies it might be a problem due to just huge amount of data stored in SharePoint. PowerShell reports on all users or all sites might run days… which is probably OK if you run this report once, but totally not acceptable if you need this report e.g. daily/weekly or on-demand.

How can we make heavy PowerShell scripts run faster?

Of course, you start with logic (algorithm) and leveraging full PowerShell functionality.

(examples)

Parallelism

What if you did everything, but it still takes too long?
– Automation account runbook (+workflow)
– PowerShell 7 parallelism
– Azure VM in the region closest to your Tenant

TBC

References
PnP PowerShell

Microsoft Office 365 tenant exact location

Microsoft says: “Customers should view tenant specific data location information in your Microsoft 365 Admin Center in Settings | Org settings | Organization Profile | Data location.”
And it might look like:

That’s accurate to the geography (e.g. US, UE, AP), but not to the region (for instance – “Central US”, “UK West” or “Australia Southeast”).
In other words, If you know your data are in the US, you never know where exactly – East/West/Central or South US.
Meantime when you create an Azure resource (e.g. Virtual Machine) – you can select specific region.

How do I know – where is my Microsoft 365 tenant actually located?

Can we just ping the tenant, analyze result and find Office 365 tenant region?
Luckily, SharePoint tenant is pinging with just
PS>ping tenantName.SharePoint.com
I have tested 5 regions and 4 different tenants:

ping from/to (ms)tenant 1 (US)tenant 2 (EU)tenant 3 (US)tenant 4 (US)
North Europe731796101
East US1833931
Central US221142323
West US631463633
South Central US3111211

So for me it’s clear how to find Microsoft 365 tenant region exact locations.
My tenants ##3 and 4 are in South Central US, tenant # 1 resides in East US.

Why do I need this? Imagine you are running heavy reports against your tenant.
So probably you want your code running as close as possible to your tenant.
(please check also “Long-running PowerShell reports optimization in Office 365”)

References:
Where your Microsoft 365 customer data is stored