Skip navigation
Menu
Clouds in a dark sky
Cloud Computing and Edge Computing>IaaS and PaaS

FAQs: Azure AD and connecting machines to OMS workspaces via PowerShell

Three times a week (Monday/Wednesday/Friday), John Savill tackles your most pressing IT questions.

Read through the FAQ archives, or send him your questions via email.

Q. How can I add a new OMS workspace to an already deployed agent automatically?
Q. How can I view the members of a group in Azure AD with PowerShell?
Q. When using Azure AD what is the logon experience for the end user?

----------

Q. How can I add a new OMS workspace to an already deployed agent automatically?
Dept - OMS

A. The easiest way to add a new workspace to a machine that already has the agent, for example an Azure VM, is to use the PowerShell below after replacing the workspace ID and key with your own.

$WorkspaceID = 'ID'
$WorkspaceKey = 'KEY'

# Load agent scripting object
$AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg

# Add new OMS Workspace
$AgentCfg.AddCloudWorkspace($WorkspaceID,$WorkspaceKey)

Restart-Service HealthService

# Get all configured OMS Workspaces
$AgentCfg.GetCloudWorkspaces()

Q. How can I view the members of a group in Azure AD with PowerShell?
Dept - Azure

A. Using the AzureAD module its easy to view the members of a group:

install-module azuread #if not already installed
Connect-AzureAD

$TAGroup = Get-AzureADGroup -SearchString "Tech Architects"
$TAs = Get-AzureADGroupMember -ObjectId $TAGroup.ObjectId
foreach($TA in $TAs)
{
#Perform some action

Q. When using Azure AD what is the logon experience for the end user?
Dept - Azure AD

A. The logon experience varies depending on the type of client, the clients machine, the clients location and the authentication method being used for Azure AD.

Below I've tried to document the core experience for the user.

  1. If using federation for a domain joined machine then for most times you should not get prompted for username/password when using a web-based service providing the client is internal and not going through the WAP and the ADFS URL is added to Trusted Intranet Zones.
  2. If using password hash or pass-through authentication then the user will be prompted for the username/password as they will be directed to the Azure login page where they can enter their credentials (same sign on).
  3. If you also deploy seamless SSO (https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso) with the password hash/pass-through authentication then if you are domain joined and on the corporate network (or connected via VPN/DirectAccess to allow connectivity to domain controllers) then the user won’t get prompted for username/password
  4. If you are Azure AD joined then it will be SSO since you are actually logging on as the Azure AD account. Note if you are domain joined you cannot also Azure AD join however the device can be registered in Azure AD which enables use of conditional access policies.

 

 

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Boom CEO Steve Lucas
Boomi Aims to Tackle API Sprawl and Accelerate Integration With AI Power
May 10, 2024
caracal standing on a log
OpenStack Caracal Release Focuses on AI, Performance, Security
Apr 03, 2024
AWS management console mobile app icon on a smartphone
Navigating Single vs. Multiple AWS Accounts for Optimal Cloud Management
Feb 21, 2024
human finger and robot finger touching a cloud
Big 3 Cloud Providers Continue to Outperform as AI Drives Growth
Feb 02, 2024