Find Azure AD Error Descriptions

 

Recently I was working with a customer to troubleshoot Azure AD authentication errors logging into a custom application.  I knew that there is a support page for Azure AD Authentication and authorization error codes, but as the article points out “[e]rror codes and messages are subject to change”.  More interestingly they also linked to a page where you can get current information on error codes: https://login.microsoftonline.com/error.

 

Sample response:

AADErrorCodes1

 

Programmatic Response

If you would like to programmatically retrieve the output you can pass in the code…:

  1. as a query string parameter
  2. as a form-data submission on the body of the request.

See the sample screenshot below.  Only one option is necessary.

AADErrorCodes2

As you may notice, the response after submission is an HTML response and not JSON, XML, or another text format.  If you would like to see alternate output formats please upvote this Azure feedback suggestion to add JSON support.

Error details website – JSON support
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/40310266-error-details-website-json-support

 

Conclusion

In this post I showed a quick tip on how to retrieve current information on Azure AD authentication / authorization error codes.  Additionally you can retrieve it programmatically if needed as well as a feedback suggestion to upvote for additional output formats.  Hopefully this can help save you time troubleshooting scenarios should you need it.

-Frog Out

Webcast for DeVry University: Careers in Technology – Jan 2020

During the current period of uncertainty (related to COVID-19) for students of all ages I wanted to share a webcast I recently presented on “Careers in Technology”.  In January 2020 my neighbor (and fellow board game enthusiast) Prof. Gina Cooper, PhD invited me to talk with one of her online classes she teaches at DeVry University.  She has been asking me to present for a few years now so this was long overdue.  The students are in her 100-level Python programming class so I this is tailored to college (university or higher education if you are outside the US) students but the topics could apply to any level of school.

Below is the recording of this webcast.  Note that there are covered up portions of the screen recording to protect the privacy / faces of any students.  Thanks to the DeVry staff for providing this recording and the opportunity to present.  If you have any additional tips for students entering into their careers please share in the comments and I’ll incorporate if I present this session again.

Link to video: https://vimeo.com/403268529

 

-Frog Out

Newsletter #6 – Positivity through uncertainty

Note: today’s topic touches on the current COVID-19 pandemic.  While this has not directly impacted my own family’s life I know it has impacted many other families and individuals.  I write this post as the spouse of a medical professional and father of a family of 3 young children.  I do not trivialize what others are going through.  My hope is to share a light to others who are in darkness / uncertainty to find their way through this time.

TinyLetter-6-1

 

 

Positivity through uncertainty

During times of crisis like this COVID-19 (Coronavirus) pandemic there are many ways to react to our current situation.  Some people fall into despair while others step up to become leaders and survivors.  While it may feel like we have no control over how we react we can actually influence ourselves in certain ways.

Awhile back on Twitter a friend shared  found an interesting article about Science Proves That Gratitude Is Key to Well-Being.  The article describes how gratitude is linked to happiness and well-being.

“A 2003 study compared the well-being of participants who kept a weekly list of things they were grateful for to participants who kept a list of things that irritated them or neutral things. The researchers showed that the gratitude-focused participants exhibited increased well-being and they concluded that “a conscious focus on blessings may have emotional and interpersonal benefits.”

I’ve written about How I Do A Personal Monthly Retrospective.  No matter how good or bad my week or month has been, I find that I am in a much better state of mind after I do my retrospectives.  Much of that has to do with the fact that every single time (and I’ve gone back to verify) I write down more positives than negatives.  Over time this focus on the positives will lead you be more positive in general and others will also start to notice.

While this current time of COVID-19 pandemic, social distancing, and uncertainty in our daily lives can be difficult, try to focus on the positives in your life.  Daily or weekly write down at least 1-2 things that are going well in your life or the lives of others around you.  We will get through this and being in a positive state of mind will help.

What things are you thankful for?  I honestly would like to hear back from you in reply or comments.

P.S. I’m thankful I celebrated my birthday this morning with my wife and kids at home and virtually with my family through video chat later tonight.

-Frog Out

Searching for Truncated Files in GitHub Folder

I’m sharing out this tip as I ran into this scenario recently.  If you are ever browsing through the GitHub website for files in a repo folder but get the warning “Sorry we had to truncate this directory… files were omitted from the list.” then this post may help.

 

Solution

I was recently browsing the Microsoft Graph .Net SDK repo through the GitHub website looking for the various Message functions.  Unfortunately the folder I was browsing has 6,000+ files and only the first 1,000 files are displayed (see highlighted box in following screenshot).  The first step in the solution is to click the “Find file” button in the upper right.

TruncatedFilesGHFolder1

 

On the following screen I typed “message” to filter the results for any files starting with that keyword.  Now I found the file I was looking for, “../MessageRequest.cs”.

TruncatedFilesGHFolder2

 

Conclusion

Looking back this may seem like an intuitive solution but I was stumped at first.  Hopefully this will help someone (or myself again) if they run into this.

-Frog Out

PowerShell Script to Create Office 365 Security and Compliance Center eDiscovery Case and Holds

This week my customer and a peer both asked for a sample PowerShell script to automate the creation of an Office 365 Security and Compliance Center eDisovery case, hold, and content search.  This post will share out that script and a few things to be aware of (ex. deprecating basic authentication) that are important.

Background

The below script accomplishes the following tasks:

  • Create a Security and Compliance Center eDiscovery case
  • Place an in-place hold on multiple users’ Exchange Online mailboxes
  • Create a content search within eDiscovery case for any folders named “Legal Hold” and the child folders under them

Important Note

As of the publish date (Mar 4th, 2020) the Security and Compliance Center remote PowerShell module relies on basic authentication.  The Exchange team has publicly shared that basic authentication for Exchange Online will be deprecated by Oct 2020.  As such that means the below script may not be usable in its current form in ~6 months.  When a replacement or update is available I will attempt to update this sample to reflect that.

Exchange Online deprecating Basic Authentication
https://support.microsoft.com/en-us/help/4521831/exchange-online-deprecating-basic-auth

In terms of the Exchange Online remote PowerShell module there is a v2 module being developed (active development, not ready for production) which you can find on the PowerShell Gallery.  This new module support OAuth authentication which resolves the issue of deprecated basic authentication.

ExchangeOnlineManagement module on PSGallery
https://www.powershellgallery.com/packages/ExchangeOnlineManagement

Solution

Before running this script, ensure that the account you log in with has the appropriate permissions to both Exchange Online as well as Security and Compliance Center.  My sample uses a single admin account but you may adapt the script to use separate accounts if needed.  See the following articles for more details.

Connect to Exchange Online PowerShell
https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps

Connect to Office 365 Security & Compliance Center PowerShell
https://docs.microsoft.com/en-us/powershell/exchange/office-365-scc/connect-to-scc-powershell/connect-to-scc-powershell?view=exchange-ps

Note: If you do not see the below Gist please refer to code at this location: EXO_New-SCCeDiscoveryCaseAndHold.ps1

Set-StrictMode Version "Latest"
# eDiscovery case creation
$caseName = 'Smith v. Johnson';
$UPN = 'user1@contoso.onmicrosoft.com', 'user2@contoso.onmicrosoft.com'
$description = "$caseName"
$policyName = "$caseName – Hold Policy"
$ruleName = "$caseName – Hold Rule"
$searchName = "$caseName – Search Name"
$rootFolderNameQuery = "Legal Hold"
function GetFolderQueries {
param (
[string]
$rootFolderNameQuery,
[string[]]
$UPN
)
$folderQueries = @()
foreach($user in $UPN)
{
$rootFolderStats = Get-MailboxFolderStatistics Identity $user | Where-Object name -eq $rootFolderNameQuery
$childFolderStats = Get-MailboxFolderStatistics Identity $user | Where-Object FolderPath -like "$($rootFolderStats.FolderPath)*"
# sample script to convert folderId: https://docs.microsoft.com/en-us/microsoft-365/compliance/use-content-search-for-targeted-collections?view=o365-worldwide#step-1-run-the-script-to-get-a-list-of-folders-for-a-mailbox-or-site
foreach ($folderStatistic in $childFolderStats)
{
$folderId = $folderStatistic.FolderId;
$folderPath = $folderStatistic.FolderPath;
$encoding= [System.Text.Encoding]::GetEncoding("us-ascii")
$nibbler= $encoding.GetBytes("0123456789ABCDEF");
$folderIdBytes = [Convert]::FromBase64String($folderId);
$indexIdBytes = New-Object byte[] 48;
$indexIdIdx=0;
$folderIdBytes | Select-Object skip 23 First 24 | %{$indexIdBytes[$indexIdIdx++]=$nibbler[$_ -shr 4];$indexIdBytes[$indexIdIdx++]=$nibbler[$_ -band 0xF]}
$folderQuery = "folderid:$($encoding.GetString($indexIdBytes))";
$folderStat = New-Object PSObject
Add-Member InputObject $folderStat MemberType NoteProperty Name UPN Value $user
Add-Member InputObject $folderStat MemberType NoteProperty Name FolderPath Value $folderPath
Add-Member InputObject $folderStat MemberType NoteProperty Name FolderQuery Value $folderQuery
$folderQueries += $folderStat
}
}
return $folderQueries
}
# Connection to EXO and SCC PowerShell Modules
$UserCredential = Get-Credential
$Session = New-PSSession ConfigurationName Microsoft.Exchange ConnectionUri https://outlook.office365.com/powershellliveid/ Credential $UserCredential Authentication Basic AllowRedirection
Import-PSSession $Session AllowClobber
$SccSession = New-PSSession ConfigurationName Microsoft.Exchange ConnectionUri https://ps.compliance.protection.outlook.com/powershellliveid Credential $UserCredential Authentication Basic AllowRedirection
Import-PSSession $SccSession AllowClobber DisableNameChecking
# Create eDiscovery case, hold, and compliance search
New-ComplianceCase Name $caseName Description $description
New-CaseHoldPolicy Name $policyName Case $caseName ExchangeLocation $UPN Enabled $true
New-CaseHoldRule Name $ruleName Policy $policyName Disabled $false
$folderQueries = GetFolderQueries rootFolderNameQuery $rootFolderNameQuery UPN $UPN
New-ComplianceSearch Name $searchName Case $caseName HoldNames "All" ContentMatchQuery $folderQueries.FolderQuery

Conclusion

In this post I shared a sample script for automating the creation of an Office 365 Security and Compliance Center eDiscovery case, hold, and folder scoped content search.  The folder scoping was an interesting detour as I had to track down the way to gather folder IDs from a product group engineer sample (linked in the above sample).  I hope you find this useful and good luck scripting.

-Frog Out

Newsletter #5 – Video game analogies, Live life asynchronously, and MakeCode Arcade

“The goal isn’t just to finish the race of life, but to finish the race with nothing left to give”
-John R. Wood: Ordinary Lives, Extraordinary Mission

Video game analogies

Thought experiment time.  If you had to describe your life as a video game (pick a gameplay mechanic, theme, story, character, etc.) what would you choose?  For me it would be one of the earliest games I ever played, the “Mario Bros” Game and Watch multi-screen game.  In the game (pictured below) you control Mario and Luigi at a bottling plant filling boxes that are moving back and forth on multiple vertical levels before finally loading them on a truck.  The gameplay mechanic of controlling each brother up and down separately, thinking ahead to when a box would need to be caught by one of the brothers, and the patterns of movement clicked with me from an early age.  How do you see your life as a video game analogy?

TinyLetter-5-3

Every week / month I hear developers, public speakers, etc. discussing “don’t live your life by default“, “start with why“, and more.  I’ll propose my own “phrase to live by” into the mix.

Live life asynchronously.

Live life asynchronously

Let me expand upon this idea a little bit further.

Asynchronous means not occurring at the same time, as in computers and programming when a method begins but releases control until it signals back to the system that the asynchronous method is finished.

In real life there are many tasks that can be started and then picked up when they have completed: laundry, cooking a meal, charging batteries, compiling code, etc.  The interesting part is to figure out when you can start one task and know that it will be ready to pick back up when it is done.

Personally I know that I can start a load of dishes in the dishwasher right after dinner and have them ready to put away shortly before bed.  When I get home from work I can play a game of chase around the house with my older kids and find toys / books / clothes that need to be picked up (doubles as some exercise for all of us).

The other aspect of doing things asynchronously is that it forces you to think about your future self (and others).  By doing X now I know that in Y hours / days / weeks I’ll be ready to finish it.  This ties in to investing (financially, academically, etc.) as well.  I could buy a fancy new electronic gadget now, or I could put that money towards my retirement account / kids’ school costs / donation to charity or plenty of other future needs.

Despite the natural tendency for some folks to minmax the optimal set of tasks that can be completed in a given 24 hr period, the first two words of the phrase mean the most: “live life”.  I’ve never thought to myself “I’m glad I fit in those additional 5 chores around the house today at the expense of spending time with my wife or kids”.  Go on and live life with people first.

MakeCode Arcade

TinyLetter-5-5

Recently I found a cool retro game programming platform called MakeCode Arcade.  MakeCode Arcade is free, open-source, and entirely accessible through a browser with no installs required.  Similar to MIT’s Scratch offering you can build games using predefined blocks (or JavaScript if you feel like going advanced) that include game logic, sprites, animations, controller input, and more.  You can also play your own games or a whole host of community games through the browser or download your games to a number of hardware devices (most cost less than $40 last I checked).  If you feel like collaborating you can also share your projects on GitHub for others to enjoy and work on.  I’m looking forward to introducing MakeCode Arcade to my daughter this year to see what she comes up with.

On a similar note I’ve also grown very interested in chiptune music and how it is created.  One of my favorite “artists” is Rich Vreeland who goes by the name Disasterpeace.  I highly recommend these albums:

If you are interested in creating your own chiptune music you can find a handful of tools below. Even though this article says for Windows 10 there are offerings that also have versions for Mac and Linux.

Chiptune music creators for Windows 10
https://www.ilovefreesoftware.com/19/windows-10/chiptune-music-creator-windows-10.html

Have you tried out any fun retro gaming platforms or found good chiptune music?  Share back if so.

-Frog Out