Using the Graph API to Export eDiscovery (Premium) datasets
Microsoft has steadily been adding Graph API endpoints to cover eDiscovery scenarios, albeit only targeting the “Premium” experience. Just recently, the Export operation become available, bringing full...
View ArticleScoping conditional access policies to “tagged” applications
Microsoft has been gradually expanding the reach of its Conditional Access feature, while at the same time also releasing a bunch of controls that allow us to more granularly scope CA policies....
View ArticleMicrosoft 365 Audit adds support for administrative unit scoping
A while back, we covered the introduction of support for scoping (some) Purview Compliance Center role groups based on membership of administrative units. At that time, only the DLP and Sensitivity...
View ArticleNon-existent users show up in SignInActivity data (or how logs continue to...
One of the common questions I get nowadays is “give me a list of all users that haven’t logged in in the past XX days”, or variations of the same theme. The question is somewhat easier to answer...
View ArticleMake sure Deleted items are automatically removed from Microsoft 365 mailboxes
In another “forgotten knowledge” topic, let’s discuss how to automatically clean up/remove items from the Deleted items folder in Exchange Online/Microsoft 365. Nothing has changed in this process for...
View ArticleProtect your multi-tenant applications from being hijacked by admins in the...
In the beginning of 2023, Microsoft introduced the app instance property lock feature, as a response to some of the “app hijacking” techniques used by prominent attacks over the past few years. The...
View ArticleWe can finally report on last successful login timestamp in Entra ID
Today’s article will be a short one. In a small, but meaningful update, Microsoft has released a new addition to the signInActivity resource, which allows us to determine the last time a given user was...
View ArticleScript to review and remove service principal credentials
Last week, we explored Entra ID’s app instance property lock feature. As part of the process, we examined one possible way that bad actors could take advantage of the convoluted nature of working with...
View ArticleReporting on Microsoft 365 mailbox item count and size by year via the Graph API
Happy new year! For the first article of 2024, we will cover the “give me a breakdown of items within my mailbox, by age” question that pops up semi-regularly on the forums. The usual answer I give to...
View ArticleReporting on Entra ID integrated applications (service principals) and their...
Today, we’re going to be looking at reporting for Entra-integrated third-party applications (or their local representation, service principals). Since the last time we examined this, Microsoft has...
View ArticleReporting on Entra ID application registrations
After updating the scripts to report on Entra-integrated applications (aka service principals) last week, it is time to take a look at the updated scripts to report on application registrations. While...
View ArticleReporting on BitLocker recovery keys and associated devices
Today’s article will be an odd one, as its primary goal is to address some requests from the Q&A platform. In particular, the question about getting a list of all BitLocker recovery keys, posted...
View ArticleReporting on Entra ID directory role assignments (including PIM)
While certainly interesting in nature, the recent Midnight Blizzard breach is just the same old story – unprotected account, unsecured environment, a lot of neglect and failure to adhere to the best...
View ArticleCan you verify whether third-party applications adhere to the Identity...
One of the resources I used in preparation for the latest version of my Entra ID service principals and applications reporting scripts was the Identity platform best practices article. In fact, some of...
View ArticleObtaining Entra license utilization insights data via the Graph API
Yesterday, Microsoft announced the public preview of Microsoft Entra License Utilization Insights, or in other words, a set of reports that aim to give you an overview of how features that require...
View ArticleQuerying the Microsoft 365 Unified Audit Log datamart via the Graph API
Over the past couple of months, several announcements have been made around the Microsoft 365 Unified audit log and the methods used to access it. Some changes were good, such as the improvements made...
View ArticleSearch-Mailbox is no longer available in Exchange Online
After being away for a while (attending the Microsoft MVP Summit in Seattle and some additional traveling), I come bearing sad news. The beloved Search-Mailbox cmdlet, easily one of my favorite bits of...
View ArticleHow to manage email addresses for Microsoft 365 Groups
Recently, I’ve run into several discussions around how to use the Graph API to change the email address of an already provisioned Microsoft 365 Group (or Team). In all of them, a claim was made that...
View ArticleChanges in Set-UnifiedGroup result in lack of proper audit trail
As part of my investigation into the Microsoft 365 Group email address management story, I run a bunch of searches against Exchange Online’s Admin audit log as well as the Microsoft 365 Unified audit...
View ArticleRemove user from all Microsoft 365 groups and roles (and more) via the Graph...
The script to remove users from all groups across Microsoft 365 has been one of the more popular entries in my GitHub repo for a while now. It is also generating a lot of improvement requests, the most...
View Article
More Pages to Explore .....