Looking for some guidance on getting a particular solution working. Still somewhat new to PA so excuse me if I use any wrong terminology or wording.
End Goal
Implement a fully automated flow to extract users' lastPasswordChangeDateTime attribute from O365, calculate how many days that password has left before it expires, and then email the user when it drops below 10. I currently have a PowerShell script that does exactly this running from an on-premises server. However, we would like to move away from being reliant on local resources. This would also allow us to implement the solution for other customers.
The ideal solution would run against an application user or service account (service principal?) and require no licenses (but I'm edging towards the fact that we may need an Exchange license at minimum).
Current Status
I currently have a working proof of concept flow that does everything I need. Using 'Send an HTTP request' to pull down the required user information, filtering it, and sending emails as required.
Screenshots of the flow are here. I'm currently dumping the data to a spreadsheet just so I can validate the process. This is not a requirement for the final solution. Also only pulling the first 15 records to speed up testing.
Like I mentioned, this is all running fine and doing exactly what we want. However, it's all associated with my account, using my PA and Exchange license.
The Problem
This flow would be dropped into customers' tenants, so obviously it can't be associated with my account. And ideally it wouldn't need licenses or accounts to maintain.
I was able to get the 'Send an HTTP request' to run as a service principal by creating a custom connector and making use of an Entra App with the required MS Graph permissions. However, the custom connector is a premium connector, so that then requires a premium license.
I've tried changing the owner to an application user, but the flow itself still seems to retain my user credentials and requires them to run.
I also thought I might be able to use the MS Graph sendMail to fire off the emails without a license. But that doesn't seem to be the case.
I feel like the end solution may end up looking something like this:
Entra service account with Exchange license. This account can then be used to send the HTTP request & fire off emails. A PA Premium license wouldn't be required.
However, I've been so focused on my approach that there's a chance there is a different path I can use that I'm simply not seeing.
Does anyone have any ideas on the best way to achieve this? Or even better, a working solution
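For readers following the thread, here is the expiry calculation and the two Graph payloads the post describes (the $select on /users and the sendMail body), as an added example that is not the poster's script or flow. It runs over a constructed /users page rather than a live tenant, assumes a 90-day maximum password age (tenant policy; adjust MAX_AGE_DAYS), and uses the real Graph property names. It also handles two cases the prose glosses over: users whose passwordPolicies contain DisablePasswordExpiration and users with no lastPasswordChangeDateTime at all, both of which would otherwise produce a bogus "expiring" email. For the sendMail body to work when posted to /users/{sender}/sendMail under application permissions, the sender still has to be a mailbox-enabled user.

```python
"""Added example (not from the original post): password-expiry calculation over a
constructed Microsoft Graph /users page plus the sendMail request body."""
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 90           # assumed tenant maximum password age
WARN_THRESHOLD_DAYS = 10    # email once fewer than this many days remain

# The query the flow's HTTP action would issue (app-only token assumed).
GRAPH_USERS_URL = (
    "https://graph.microsoft.com/v1.0/users"
    "?$select=id,userPrincipalName,lastPasswordChangeDateTime,passwordPolicies,accountEnabled"
    "&$top=999"
)

# Constructed sample page shaped like a Graph /users response (made-up users).
SAMPLE_PAGE = {
    "value": [
        {"userPrincipalName": "alice@contoso.example", "accountEnabled": True,
         "lastPasswordChangeDateTime": "2024-01-01T08:00:00Z", "passwordPolicies": None},
        {"userPrincipalName": "carol@contoso.example", "accountEnabled": True,
         "lastPasswordChangeDateTime": "2023-12-01T08:00:00Z", "passwordPolicies": None},
        {"userPrincipalName": "bob@contoso.example", "accountEnabled": True,
         "lastPasswordChangeDateTime": "2024-03-20T08:00:00Z", "passwordPolicies": None},
        {"userPrincipalName": "svc@contoso.example", "accountEnabled": True,
         "lastPasswordChangeDateTime": "2023-01-01T08:00:00Z",
         "passwordPolicies": "DisablePasswordExpiration"},
        {"userPrincipalName": "new@contoso.example", "accountEnabled": True,
         "lastPasswordChangeDateTime": None, "passwordPolicies": None},
        {"userPrincipalName": "gone@contoso.example", "accountEnabled": False,
         "lastPasswordChangeDateTime": "2024-01-01T08:00:00Z", "passwordPolicies": None},
    ]
}


def parse_graph_datetime(value):
    # Graph returns ISO 8601 with a trailing "Z"; older Pythons will not parse "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def days_until_expiry(user, now, max_age_days=MAX_AGE_DAYS):
    """Whole days left before the password expires (negative if already expired).
    Returns None when the password never expires or no change date is recorded."""
    if "DisablePasswordExpiration" in (user.get("passwordPolicies") or ""):
        return None
    changed = user.get("lastPasswordChangeDateTime")
    if not changed:
        return None
    expires = parse_graph_datetime(changed) + timedelta(days=max_age_days)
    return (expires - now).days


def users_to_notify(page, now, threshold=WARN_THRESHOLD_DAYS, max_age_days=MAX_AGE_DAYS):
    """(userPrincipalName, days_left) for enabled users under the warning threshold."""
    result = []
    for user in page.get("value", []):
        if not user.get("accountEnabled", True):
            continue
        left = days_until_expiry(user, now, max_age_days)
        if left is not None and left < threshold:
            result.append((user["userPrincipalName"], left))
    return result


def sendmail_body(upn, days_left):
    """Request body for POST /users/{sender}/sendMail (Mail.Send permission assumed)."""
    if days_left < 0:
        text = "Your password has expired. Please reset it."
    else:
        text = f"Your password expires in {days_left} day(s). Please change it before it expires."
    return {
        "message": {
            "subject": "Password expiry notice",
            "body": {"contentType": "Text", "content": text},
            "toRecipients": [{"emailAddress": {"address": upn}}],
        },
        "saveToSentItems": False,
    }


if __name__ == "__main__":
    now = datetime(2024, 3, 25, 8, tzinfo=timezone.utc)   # fixed "today" for the sample
    for upn, left in users_to_notify(SAMPLE_PAGE, now):
        print(upn, left, sendmail_body(upn, left)["message"]["body"]["content"])
```

In a real run the flow would page through @odata.nextLink on the /users response and pass datetime.now(timezone.utc) instead of the fixed date; everything else is the same filter the post's "15 records" test exercises.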