How to Remove Licenses From Disabled Accounts with PowerShell
The Reasons for Disabled Accounts
Many reasons exist why organizations disable user accounts, including when employees go on sabbaticals, take time off due to illness, or have leave following...
How to Block User Access to Microsoft 365 PowerShell Modules
Use Enterprise Applications to Block PowerShell Modules
A question arose about the best way to block Microsoft 365 user accounts from being able to run PowerShell. It seemed like a worthy problem to...
Microsoft-Managed Conditional Access Policies Coming to Eligible Tenants
Increase MFA Usage with a Conditional Access Policy
On November 6, Alex Weinert, Microsoft’s VP for Identity Security, announced the “auto-rollout of Microsoft Entra Conditional Access policies that...
Reporting User and Group Assignments for Enterprise Applications
How to Find and Document Assignments for Entra ID Enterprise Applications
A reader asked: “I am trying to execute Microsoft Graph that it can grab all my Enterprise Applications in my tenancy and...
Reasons to Pause Membership Processing for Entra ID Dynamic Groups
Pause Membership Processing to Prevent Inconsistent Changes
A year ago, I wrote about the newly-introduced ability to pause membership processing for Entra ID (then Azure AD) dynamic groups. At the...
Exclude Breakglass Accounts from Conditional Access Policies with PowerShell
Check Conditional Access Policies and Add Breakglass Accounts if Necessary
Breakglass accounts (or as Microsoft calls them, “emergency access accounts”) are intended for emergency use, such as when...
Entra ID Captures Timestamp for Last Successful Sign In for User Accounts
Big Difference Between Last Sign in and Last Successful Sign In
Yesterday, I saw a tweet from Entra ID program manager Merill Fernando announcing that the Graph signInActivity resource type (beta) now...
Entra ID Improves Registered App Security
Changes to App Instance Property Lock and Sign-In Audience
In March 2023, I wrote about a preview feature that allows application developers to lock the properties of service principal objects using...
Threat Actors Increase Misuse of OAuth Applications
OAuth Apps Used to Automate Financially-Driven Attacks
The December 12, 2023 post for the Microsoft security blog covers how “Threat actors misuse OAuth applications to automate financially driven...
Reporting Entra ID Admin Consent Requests
Use PowerShell to Find and Report Details of Admin Consent Requests
Dinesh asked “How can I generate a report of Admin Consent Requests received by Entra ID? I’m specifically looking for information...
Managing Passwords for Entra ID Accounts with PowerShell
Using Password Profiles for Entra ID Accounts
Although passwordless authentication is in the future for many Entra ID accounts, the indications are that it will take time for Microsoft 365 tenants to...
Mastering Microsoft Graph PowerShell SDK Foibles
Microsoft 365 Groups, Entra ID, and User Extension Attributes
Last year, I wrote about some of the foibles encountered by scripters as they work with the Microsoft Graph PowerShell SDK. At the time,...
How to Report Expiring Credentials for Entra ID Apps
Use the Microsoft Graph to Report App Credential Expiration Dates
A reader asks if it’s possible to notify administrators when app secrets expire or are close to expiring. App secrets (also called...
Microsoft Encourages More Performant Membership Rules for Dynamic Groups
Dynamic Group Rule Builder Blocks Contains Operators
It was interesting to read message center notification MC705357 (January 9, 2024) and learn that Microsoft implemented a change to the dynamic...
How to Update Tenant Corporate Branding for the Entra ID Sign-in Screen with...
Use Graph SDK Cmdlets to Apply Annual Updates to Corporate Branding for Entra ID Sign-in Screen
Back in 2020, I took the first opportunity to apply corporate branding to a Microsoft 365 tenant and...
Exchange Online Optimizes Online Address Book Lookups
Directory Lookups, the Address Book, and the Get-MgDomainNameReference Cmdlet
The news published in message center notification MC706449 (13 January 2024) is surprising only because people must still...
Graph User.ReadBasic.All Application Permission Available
Controlling Application Access to Entra ID User Account Information
Message center notification MC704030 (5 January 2024) brings important news for developers that the User.ReadBasic.All permission is...
New MSIdentityTools Cmdlet to Report OAuth Permissions
The Export-MsIdAppConsentGrantReport Cmdlet Makes it Easier for Tenant Administrators to Track OAuth Permissions for Apps
As readers of my articles know, I have often discussed the topic of monitoring...
Reporting App Permissions Used by Managed Identities
Managed Identity Permissions Gather Like Moss on a Tree
A side effect of running the Microsoft Graph PowerShell SDK cmdlets in interactive sessions is that the service principal for the SDK app can...
Keeping an Accurate Microsoft 365 Tenant Directory is Important
Cherish the Accuracy of Entra ID Account Properties
Every Microsoft 365 tenant uses Azure Active Directory to store information about the tenant configuration, accounts, and groups. Maintaining...