I need to query the "Description" field in Azure

Daniel Brady 0 Reputation points
2024-04-11T16:57:56.0033333+00:00

Hi,

I have an LDAP IdP in Jamf Pro. In this setup I use the "description" field to set up user groups. I am migrating to an Entra IdP and am trying to use the same field, but it is not returning results. How do I use this field? It is listed in my on-prem AD but I don't see it in Azure.

Microsoft Entra ID

1 answer

  1. Marcin Policht 23,700 Reputation points MVP
    2024-04-11T17:06:40.8533333+00:00

    If you're invoking this functionality from an Azure Function with a system-assigned managed identity, you can leverage this managed identity to authenticate with Microsoft Graph without needing to manage client secrets or other credentials directly within your code. You can use the managed identity to obtain an access token and then use that token to authenticate your requests to Microsoft Graph. Here's how you can modify the script to work with an Azure Function's managed identity:

    Grant Necessary Permissions to the Managed Identity: Ensure that the system-assigned managed identity of your Azure Function has the necessary permissions (e.g., User.Read.All or User.ReadBasic.All) to read user properties from Azure AD through Microsoft Graph. You can assign these permissions in the Azure portal or using Azure CLI/PowerShell scripts.

    Retrieve Access Token using Managed Identity: Modify the script to use the managed identity to obtain an access token. Azure Functions automatically provide an access token through its managed identity when running in Azure.

    Here's how you can modify the script:

    ```powershell
    # Get an access token using the managed identity
    # (legacy App Service/Functions MSI endpoint, api-version 2017-09-01; the
    # MSI_ENDPOINT and MSI_SECRET variables are injected by the platform)
    $tokenEndpoint = $env:MSI_ENDPOINT + "?resource=https://graph.microsoft.com&api-version=2017-09-01"
    $accessToken = Invoke-RestMethod -Method Get -Uri $tokenEndpoint -Headers @{"Secret"="$env:MSI_SECRET"} | Select-Object -ExpandProperty access_token

    # Make a GET request to Microsoft Graph API.
    # A managed identity gets an app-only token, which cannot call /me (there is no
    # signed-in user), so the user must be addressed explicitly by UPN or object id.
    $userUpn = "user@contoso.example"   # placeholder: UPN or object id of the user to look up
    $userEndpoint = "https://graph.microsoft.com/v1.0/users/$userUpn"
    $userResponse = Invoke-RestMethod -Uri $userEndpoint -Method Get -Headers @{Authorization = "Bearer $accessToken"} -ContentType "application/json"

    # Get the description property from the response
    $description = $userResponse.description

    # Output the description
    Write-Output "User Description: $description"
    ```

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

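The answer above shows the token flow but not where a synced on-prem attribute actually lands in Entra ID. The Graph `user` resource has no top-level `description` property; an attribute that Entra Connect syncs beyond the default set shows up either under `onPremisesExtensionAttributes` (`extensionAttribute1`..`15`) or as a directory extension property named `extension_<appId>_<attribute>`. The following is an added example, not code from the original answer or from Microsoft. It assumes it runs inside a PowerShell Azure Function whose system-assigned managed identity has been granted the `User.Read.All` application permission on Microsoft Graph, uses the current identity endpoint (`IDENTITY_ENDPOINT`/`IDENTITY_HEADER`, api-version 2019-08-01) with a fallback to the legacy `MSI_ENDPOINT` used in the answer, and assumes directory extension properties are included in the default property set of a single-user GET. The UPN is a constructed placeholder.

```powershell
# Added example (not from the original answer): locate a user's synced
# "description" value via Microsoft Graph using the Function's managed identity.

function Get-ManagedIdentityToken {
    param([string] $Resource = 'https://graph.microsoft.com')
    $encoded = [uri]::EscapeDataString($Resource)
    if ($env:IDENTITY_ENDPOINT) {
        # Current App Service / Functions identity endpoint (api-version 2019-08-01)
        $uri = "$($env:IDENTITY_ENDPOINT)?resource=$encoded&api-version=2019-08-01"
        $headers = @{ 'X-IDENTITY-HEADER' = $env:IDENTITY_HEADER }
    }
    elseif ($env:MSI_ENDPOINT) {
        # Legacy endpoint, as used in the answer above (api-version 2017-09-01)
        $uri = "$($env:MSI_ENDPOINT)?resource=$encoded&api-version=2017-09-01"
        $headers = @{ 'Secret' = $env:MSI_SECRET }
    }
    else {
        throw 'No managed identity endpoint in the environment; enable the identity on the Function App and run this inside Azure.'
    }
    # No client secret anywhere in code: the platform vouches for the Function's identity.
    (Invoke-RestMethod -Method Get -Uri $uri -Headers $headers).access_token
}

function Get-UserDescriptionCandidates {
    param(
        [Parameter(Mandatory)] [string] $Token,
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )
    $auth = @{ Authorization = "Bearer $Token" }
    # App-only tokens cannot call /me, so the user is addressed explicitly.
    $base = "https://graph.microsoft.com/v1.0/users/$([uri]::EscapeDataString($UserPrincipalName))"

    # onPremisesExtensionAttributes is not returned by default, so it must be $select-ed.
    $ext  = Invoke-RestMethod -Method Get -Headers $auth `
        -Uri "$base`?`$select=id,displayName,onPremisesSyncEnabled,onPremisesExtensionAttributes"
    # Directory extension properties (extension_<appId>_<name>) are assumed to come
    # back with the default property set; if yours does not, add it to $select.
    $full = Invoke-RestMethod -Method Get -Headers $auth -Uri $base

    $found = [ordered]@{}
    if ($ext.onPremisesExtensionAttributes) {
        foreach ($p in $ext.onPremisesExtensionAttributes.PSObject.Properties) {
            if ($p.Value) { $found["onPremisesExtensionAttributes.$($p.Name)"] = $p.Value }
        }
    }
    foreach ($p in $full.PSObject.Properties) {
        # Directory extension names embed the registering app id as 32 hex chars.
        if ($p.Name -match '^extension_[0-9a-fA-F]{32}_description$') { $found[$p.Name] = $p.Value }
    }

    [pscustomobject]@{
        UserPrincipalName = $UserPrincipalName
        SyncedFromOnPrem  = [bool]$ext.onPremisesSyncEnabled
        Candidates        = $found
    }
}

# Usage inside the Function (run.ps1); the UPN below is a constructed placeholder.
$token  = Get-ManagedIdentityToken
$result = Get-UserDescriptionCandidates -Token $token -UserPrincipalName 'jdoe@contoso.example'

if (-not $result.SyncedFromOnPrem) {
    Write-Warning 'User is not synced from on-prem AD, so no AD description can be present.'
}
if ($result.Candidates.Count -eq 0) {
    Write-Warning "No description-like attribute found: add 'description' to Entra Connect's directory extension sync, or map it to an extensionAttribute."
}
$result.Candidates.GetEnumerator() | ForEach-Object { Write-Output "$($_.Key) = $($_.Value)" }
```

Grant the managed identity only the `User.Read.All` application role (an app role assignment on the Graph service principal), not broader directory permissions; the script reads a single user by UPN and selects only the properties it needs. If both checks warn, the attribute is simply not being synced, and the fix belongs in Entra Connect's attribute configuration rather than in the query.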
