Featured image of post Monitoring with PowerShell: Monitoring Azure App Proxies

Monitoring with PowerShell: Monitoring Azure App Proxies

Sometime back I made a youtube video about how to use Azure App Proxy. This was received really good in a lot of the communities I frequent but a worry popped up by someone recently; how am I sure that the Azure Application Proxy is always completely functional at my clients? You can monitor the service of course, but that does not mean that the entire connection to Azure is functional.

So, I’ve decided to share our monitoring script for Azure Application Proxy. you can use the Secure Application Model for this. One important note is that the Application Proxy needs to be enabled in the tenant, otherwise you’ll get a 401 or 403 error.

The Script

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
######### Secrets #########
$ApplicationId = 'AppID'
$ApplicationSecret = 'AppSecret'  | ConvertTo-SecureString -Force -AsPlainText
$RefreshToken = 'RefreshToken'
######### Secrets #########
write-host "Creating credentials and tokens." -ForegroundColor Green

$credential = New-Object System.Management.Automation.PSCredential($ApplicationId, $ApplicationSecret)
$aadGraphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.windows.net/.default' -ServicePrincipal
$graphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.microsoft.com/.default' -ServicePrincipal

write-host "Connecting to Office365 to get all tenants." -ForegroundColor Green
Connect-MsolService -AdGraphAccessToken $aadGraphToken.AccessToken -MsGraphAccessToken $graphToken.AccessToken
$customers = Get-MsolPartnerContract -All
$AppProxies = foreach ($Customer in $Customers) {

    $CustGraphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes "https://graph.microsoft.com/.default" -ServicePrincipal -Tenant $tenantid
    $headers = @{ "Authorization" = "Bearer $($CustGraphToken.accesstoken)" }
    write-host "Looking for changed applications for $($customer.DefaultDomainName)" -ForegroundColor Green
    $ApplicationsURI = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectors"
    (Invoke-RestMethod -Uri $ApplicationsURI -Headers $Headers -Method Get -ContentType "application/json").value

}

if($AppProxies| Where-Object $\_.status -ne "Active"){
write-host "One of the application proxies is not active. See results"
$AppProxies

}

And that’s it! as always, Happy PowerShelling!

All blogs are posted under AGPL3.0 unless stated otherwise
comments powered by Disqus
Built with Hugo
Theme Stack designed by Jimmy