Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Microsoft 365 Community / Community Demos / 31 Mar 2022
Microsoft 365 Community / Community Demos / 31 Mar 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Use CLI for Microsoft 365 to get HaveIBeenPwned status

Description

In this 14-minute developer-focused demo, Albert-Jan Schot asks: Do you know the Pwned status on users of your SharePoint site? Pwned information is collected on the HIBP website and is accessible via an API (small fee required). Access the API using the m365 aad user hibp command in CLI for Microsoft 365. The HIBP information may be accessed as well by running a script in a Docker container or in a Flow. Has your email been party to a breech? Find out, go to https://haveibeenpwned.com. This PnP Community demo is taken from the General Microsoft 365 Developer community call recorded on March 31, 2022.

Demo Presenter: Albert-Jan Schot (BLIS.digital) | @appieschot

Supporting materials:
• Tools - CLI for Microsoft 365 | aka.ms/cli-m365
• Article - ';--have i been pwned? | https://haveibeenpwned.com/
• Demo - Running the CLI for Microsoft 365 in Azure Container Instances orchestrated by Logic Apps | https://www.youtube.com/watch?v=e36qPG9x0C0
• Article - Use CLI for Microsoft to get HaveIBeenPwned status | https://www.cloudappie.nl/cli-microsoft-haveibeenpwned-status/
• Connector - Have I Been Pwned (Independent Publisher) (Preview) | https://docs.microsoft.com/connectors/haveibeenpwnedip/

Learn more:
• Learn more about the Microsoft 365 Patterns and Practices community at: http://aka.ms/m365pnp
• Visit the Microsoft 365 Patterns and Practices community YouTube channel: https://aka.ms/m365pnp-videos

A

So I've got a few slides, not too many, um but just to get. You started we're going to show off with with cli from 365 and we're going to use some of the commands and samples that we that we have in there um before we actually get started. If you want to try out the cli from 365, you can. The idea behind it is that we believe that you should be able to manage your m365 environment and 365 tenant from any platform.

A

So the cli is a cross-platform way of working with your data, calling commands executing information and the cool thing about it is that it works on any platform. Obviously, because that's the whole ide and the idea is that you sign in once that you can interact with the platform and run commands to your tenant.

A

Now those commands can just be run from any any os, whether it's windows macos or linux, and they can also be run from any shell, whether you use powershell windows terminal, whether you like best commander, whatever you like and there's one login, so you sign in once and then you're validated or authenticated against all the services. Now from a technology stack, it actually runs on nokia. So we do need you to have node us on your on your machine and as soon as you have node us, then you can install the cli.

A

You can do npm, install um or use yarn for for that matter, and once you have it installed, then you need to sign in. We use the azure active directory to make sure that all the requests are uh are secure, that you can do anything. You don't have permissions to that. Well, obviously, you shouldn't be able to do anything you're, not affirmations too, but that you can just do the stuff that you that you can but assuming that that you've seen that there are samples out there how to get the cli installers.

A

Actually, I think I've been recording uh at one of these calls like a year ago where we went through, but once you have it installed, you can actually work with it now, if you would want to work with some of the commands. Let's imagine that you want to work with the have I been paid us then, to actually run a sample like that. There are just a few commands that you that you have to rent. First of all, you have to get the users that you want to play around with.

A

Maybe you want to get all users, maybe you want to get a subset of users, then what you actually do is you get the status that have ibig phone status per user and there is an api for that. I'm going to show you in a second then based on the results, then you want to report problems or you want to report that everything is correct and then, with that symbol you can actually run wherever you like, so you could run it in a docker container. You can run it in.

A

You can actually orchestrate it with a logic app or you can just run it on your machine. So that's uh that's the link to let's that's the link to the demo. Let's, uh let's have a look now. Let me close out my uh my powerpoint.

A

If you want to get started, we've got documentation out there. That explains pretty much everything you need to do so. We've got documentation that helps you get. It installed, make sure you're signed in and if you're good, then, as you can see, okay, you can log in, but in my my experience, let's do m365 status. You will see that I'm connected I'm there. Everything is everything is correct. Now what we also have is we've got details on all the commands that we have.

A

So, if you're looking to inspiration or just want to know what you can actually do, then here you can see all the different commands that we have and we've got a command that well just gets uh either your users, so I can go to ok, azure, active directory user and I can get a specific user. I get list a specific user and also here's the documentation around. Have I been pwn status where you can, as you can see, retrieve all the accounts that have been found with a specific username?

A

So if you would run this, you actually need a have. I been honed key because we're calling the api you'll need an api key and if you look at the way that have been punk worked is that if you look at the api or the description of the api, they actually explain what they do. But if you look at the api key, you can just get an api key.

A

If you actually have to buy one, it's like um there, it is 3.50 a month, uh and there is this nice blog post explaining why you actually need to pay for it. I'm more than happy to do that. If you don't, then uh well, you have bad luck. You can't you can't work with with this api without this key, but once you have an api key and you actually bought one, and I bought that one for for a single month, so I can just play around with it.

A

But once you have that api key, you can actually run a command, so let's do m365 azure active directory user. Have I been pulled pass any username pass in that that api key I'm gonna copy it and I'm gonna run it now. If I run this, what this will do is it will tell me whether? uh Okay, yes, there's been no phone nuts, everything is done, no problem. It will work.

A

If I would pick another account that I have it's, it's a similar account same command, but this will actually tell me: okay, you've been part of breaches, so I've got a hotmail account. I've had it, for I don't know. Like 20 years now, and apparently I signed up for last event. I signed up for a dope. I signed up for tumblr and apparently I've been part of breaches that they've had now. Luckily, I'm aware so, I've changed my password, nothing problematic there, but at least now. I know that I'm aware of breaches with this account.

A

So this is all you need to do to get the hava bimpon status for a specific account now coming from there. What you can do is you can come up with some more advanced scenarios, so you could say: okay, we've got a sample script for that. Actually, let's get all users so walking through the script.

A

What we do is we make sure that you're not logged out if you're logged out, we ask you to log in, but if you're logged in then we're going to retrieve all the users and we're going to get all the active directory users, we get their display name and their user principal name and then what we can do is we can iterate over those different users and we're going to say: okay, let's write out a statement that we're checking the user and then we get the status.

A

If the status is no opponents found or is not equal to no opponents found there actually is something there is a breach. So currently we're just writing it out. Obviously you can add it to a list and make sure that their passwords have been changed recently or maybe you want to. uh We want them to.

A

Let them know that they've been have been breached, so um you can do whatever you like with it, but this would be just be running and if I would do the uh let me get it uh check uh this one.

A

So let me run this one and what you will see is it will get all the active directory users and in my environment I just have a few like 15, so it will go through all the different users and we'll just say: okay, no breach is found, no breaches found where, if there are no so this looks good, I mean no problem here and I'm gonna cancel it because I'm lazy not gonna, wait for it. Everything is fine.

A

Coming from there, you can actually come up with other some more advanced scenarios, so you could say instead of getting all users, I want to get all users for a specific sharepoint site and I want to query those users and I want to extract from those users only external users.

A

So what this would do is this would pick up a specific site in this case my crisis management site that I got from the lookbook and in there I'm gonna say: okay, give me all the external users and then rather than putting in the username here, I'm gonna put in the user email, because if I do that there we go, what I then can do is, I can say: okay, give me the status for external users on a specific site.

A

So if I would run this cli check external, it's gonna issue with user upbeat at gmail, so apparently I cannot get that status or no. I can this actually works correctly. um There we go so issues width and then I get my hp, uh my evap important status. So apparently that account the gmail account has been part of a breach. um I actually made a typo so now it based this out wrongly, but the part the breach that I'm part of is the gfit breeds.

A

So now I know that this external account on this specific site actually is part of a bridge. So there is a risk with this external account within my environment. Now this is still running on my machine, so what I could potentially do is, I could potentially run the same script as part of a docker container, and there has been a recording for that already, but what you would do is it would be slightly different. Let me open the I think. It's this one uh yeah.

A

So what you do is you would write the best script, because if you run it in a docker container, you'll need to run it as a best script. You would have the pretty much the same symbol where you would say. Okay, give me all the external users for a specific site where the site is something you can specify in your logic. App then run the command and then just get that status and output that status.

A

Now, if you want to run this, what you actually need to do is you'll need to create a logic app and within that logic, app. What you can do is you can create a container group and in that container group you can actually pull in the cli. M365 docker container probably should get the latest one, but you can specify the version if you want to, and what we do here is we link it to a specific git repository?

A

That's something you can see here that git repository actually does contain the sample scripts, and what I do is I, in that git repository, call my sample script or pass in the id of my managed identity test in the site that I want to do something with pass in my have I been pumped api key and if I would run this logic app, then it will spin up my docker container.

A

It will execute this specific script and it will output all those have ibm pawn statuses, and what we do here is because we are retrieving that data. If the container is finished, we actually get the locks, and then we delete it. Now you could send the locks as an email or you could parse the locks. You could put it as a um adaptive card into teams.

A

Doesn't really matter what you want to do with it, because you have the logs from the container in your managed identity, there will be a link in the chat with a recording on how to set up the logic app how to execute the script. If you want to get the sample script, what you actually can do is you can go to our site.

A

You can go to sample scripts and if you look at the sample scripts, we have all our sample scripts available here so for the have impounds, the sample script is out there with a short description. If you have any issues any remarks, anything you want to do, you can always go to a github repository where you can create new issues, we're always looking for ways to improve. So if there's anything you can think of that we should do better. Let us know if you want to help out.

A

There is actually a really good overview of all our good first issues with status open and help wanted. Here you can see that we're currently having 16 open issues, including documentation. If you feel that we should do better there. Let us know including new commands, including features requests, so there are quite a lot of ways to to help us out and a final shout out if you're not happy with doing sample scripts. If you actually want to get that, have I been pumped status.

A

Another way there recently has been a new, independent publisher, one connection that allows you to do pretty much the same thing using uh a out of the box flow, so you can getting. Let's give it a demo you'll need that. Have I been pound api key, so what I can do is I can just oops wrong one. I can actually get that from there we go script.

A

I can get it from my simple script, so there we go. I can paste it in there and as soon as I have a connection what I can do is. I can basically call that same api, as I would do in my sample. Script. I'll need to specify the account and I can specify whether you want to truncate the responses filter down the domain include unverified, so you have some options here as well.

A

It doesn't matter if you like cli use cli, if you want to run it in a container, feel free to run it in a container if you're looking at flow works flawlessly as well with that, I'm done with my demo.

B

Awesome stuff abby: it's just amazing how you're, uh using that to provide value and really love the crossover by the way of the independent publisher connectors. It shows how overarching the entire community is and how there are so many different overlapping circles in the technology that can be utilized. So thank you very, very much for that demo. Well done.

A

So thanks for having me.