Clik here to view.
Why MFA, Conditional Access, and Sensitivity Labels can Combine to Give...
Conditional Access MFA Gives Outlook Desktop a Problem with Protected Email I think most Microsoft 365 tenant administrators would agree that multifactor authentication (MFA) is a good thing. MFA...
View ArticleClik here to view.
Checking Out Entra Identity Secure Score
Entra Identity Secure Score Includes a Check for Expiring Application Credentials In January, I wrote about a script to analyze the credentials (certificates and secrets) for Entra ID registered apps...
View ArticleClik here to view.
Delete and Restore Entra ID User Accounts with the Microsoft Graph PowerShell...
Understanding How to Delete Entra ID User Accounts and Restore Them Afterwards is a Critical Skill According to message center notification MC344406 (18 March), in early April Microsoft plans to...
View ArticleClik here to view.
Microsoft Releases Entra ID License Utilization Insights
Entra ID Usage Insights for Premium Licenses A February 20 Microsoft Technical Community post covering the introduction of Microsoft Entra License Utilization Insights began by saying that over...
View ArticleClik here to view.
Reporting Soft-Deleted Entra ID Objects
Contemplating the Best Way to Report Soft-Deleted Entra ID Objects The Microsoft Technical Community article about keeping track of object deletions in Entra ID contains some interesting information....
View ArticleClik here to view.
Time Running Out for AzureAD and MSOL PowerShell Modules
Last Gasp for AzureAD PowerShell Retirement as Deadline Approaches Updated 2 March 2024 Microsoft’s original announcement about the deprecation of the AzureAD and Microsoft Online Services (MSOL)...
View ArticleClik here to view.
Basic User Account Management with the Microsoft Graph PowerShell SDK
Preparing to Migrate Away from Old AzureAD cmdlets Updated: 15 March, 2023 I received a lot of reaction when I described Microsoft’s new deprecation schedule for the AzureAD and MSOL modules. In...
View ArticleClik here to view.
Reporting Operating System Versions for Registered Devices
Know What Operating System Used by Entra ID Registered Devices After reading an article about populating extension attributes for registered devices, a reader asked me how easy it would be to create a...
View ArticleClik here to view.
Finding Devices Used for Multifactor Authentication
Track Down Unused Entra ID Registered Devices By Using Entra ID Sign-In Data At the end of January, I wrote about how to use multiple sources of data to figure out which user accounts use multifactor...
View ArticleClik here to view.
How to Convert an Entra ID External Account to Internal
Use the Entra Admin Center or PowerShell to Convert to Internal User Accounts Many Microsoft 365 tenants support a mixture of internal and external accounts. Internal accounts are member accounts that...
View ArticleClik here to view.
Maester: Microsoft Security Test Automation Framework
A Community-Driven Security Configuration Analyzer for Entra ID Tenants The irrepressible Merill Fernando, a product manager in the Microsoft Entra ID organization, came together with Security MVPs...
View ArticleClik here to view.
Microsoft Graph Activity Logs Hit General Availability
Graph Activity Logs for Security Analysis and Threat Hunting On April 11 2024, Microsoft announced the general availability of Microsoft Graph activity logs, explained as: “visibility into HTTP...
View ArticleClik here to view.
Removing Licenses from Entra ID Accounts When a Replacement License Exists
License Management is All a Matter of Identifiers (GUIDs) A reader asked how to use the Graph SDK to remove the Exchange Online Plan 2 license from 2,000 users who have been upgraded to the Microsoft...
View ArticleClik here to view.
How to Remove a Single Service Plan from User Accounts with PowerShell
Remove Service Plans with the Microsoft Graph PowerShell SDK In 2021, I wrote about how to remove a single service plan from multiple Entra ID user accounts with PowerShell. The original script used...
View ArticleClik here to view.
Microsoft Launches Support for Entra ID External Authentication Methods
Advancing MFA with Entra ID Authentication Backed by Nine ISVs Earlier this year, Microsoft reported that the percentage of Entra ID accounts using multifactor authentication had reached 38%. That...
View ArticleClik here to view.
Update Entra ID User Role Permissions to Secure Your Tenant
Make Your Tenant More Manageable by Tightening User Role Permissions The ability of non-privileged user accounts to perform certain administrative tasks in an Entra ID tenant (Microsoft 365 tenant) is...
View ArticleClik here to view.
Block Device Code Authentication Requests with Conditional Access
The Device Code Authentication Flow In late February 2024, Microsoft introduced a preview setting for Entra ID conditional access policies to block authentication flows. Although the setting covers...
View ArticleClik here to view.
Fetching Group Membership Information for an Entra ID User Account
Discover Group Membership with the Graph SDK I’ve updated some scripts recently to remove dependencies on the Azure AD and Microsoft Online Services (MSOL) modules, which are due for deprecation on...
View ArticleClik here to view.
Document Entra ID Conditional Access Policies with the IdPowerToys App
Manual and Automatic Documentation of Conditional Access Policy Settings as PowerPoint Presentation Windows has its Power Toys and now Microsoft’s identity management team is getting into the act with...
View ArticleClik here to view.
Report Delegated Permission Assignments for Users and Apps
Extract and Report Delegated Permission Assignments with the Microsoft Graph PowerShell SDK When discussing permissions used to retrieve data with Graph API requests (including cmdlets from the...
View Article