Per-User MFA State Added to Tenant Passwords and MFA Report
Per-User MFA State Available for User Accounts Through the Graph
On June 10, 2024, the Microsoft Graph changelog included some interesting additions to the beta version of the authentication resource...
How to Exploit Entra ID Sign-in Data to Detect Problem Service Principals
Spring Clean Time for Apps Coming Soon
Last year, I wrote about the need to review and clean up Entra ID integrated applications. That article describes how to extract information from Entra ID o a...
Adding Details of Authentication Methods to the Tenant Passwords and MFA Report
Revealing Full Details of Authentication Methods and Why This Might Be a Privacy Issue
Soon after releasing V1.2 of the Tenant Passwords and MFA Report (to add details about per-user MFA states), I...
Generate a HTML Report of Managers and Direct Reports with the Graph SDK
Creating a Report From Entra ID Manager and Direct Reports Data with PowerShell
It’s always good to be able to build on the knowledge contributed by someone else. This brings me to a post by Vasil...
Reporting Entra ID Administrative Role Assignments
Look Out for Synchronized On-Premises Accounts Holding Administrative Role Assignments
An August 2 post by SpecterOps highlights the dangers for hybrid Microsoft 365 organizations of synchronizing...
Why Entra ID can Restore Some Types of Deleted Groups and Not Others
Ability to Restore Deleted Groups Depends on Graph APIs
Yesterday, I covered a gap that exists between the Purview development group and the Exchange Online development group when it comes to applying...
The New Entra ID Photo Update Settings Policy for User Profile Photos
Photo Update Settings Policy is Long-term Unified Replacement for Other Controls
Given the historical foundation of Microsoft 365 in several on-premises applications, it probably wasn’t surprising...
Adding a Custom Test to the Maester Tool
Create a Custom Maester Test with PowerShell and the Graph
I last wrote about the Maester tool in April 2024. At that time, Maester had just been released as a community-based framework for automated...
Microsoft Graph Doesn’t Support Custom Attributes for Groups
Detecting Changes in Container Management Labels
Using sensitivity labels to control the settings of Microsoft 365 groups, teams, and sites is a very powerful management tool. Since introducing the...
How to Force Users to Sign in Weekly
Revoke Access for User Accounts at a Good Time
A recent question in the Facebook Office 365 Technical Discussions group covered the situation where a conditional access policy imposes a 7-day sign-in...
How to Set Directory Synchronization Features with the Graph
UPN and sAMAccountName Updates and Entra ID Directory Synchronization Features
The other day, I received a note from an Office 365 for IT Pros reader to say that they’d perused the book to seek advice...
How to Restore the Service Plan for a Microsoft 365 Product License
Reasons Exist to Disable Service Plans and Enable Service Plans
Plenty of articles are available on the internet to explain how to disable a service plan from a Microsoft 365 license. In this respect,...
Why Are Per-User MFA Settings Available in the Entra Admin Center?
Conditional Access Still Preferred Over Per-User MFA
I was asked if the existence of an option to manage per-user MFA in the Entra admin center (Figure 1) means that Microsoft plans better support for...
Microsoft Recommends the UnifiedRoleDefinition Graph API for Role Assignment...
A New Graph API to Replace Two Existing APIs
The Graph change log update posted on October 21, 2024 contains a simple and blunt recommendation for developers to use the unifiedRoleDefinition Graph...
Manage PIM Role Assignments with the Microsoft Graph PowerShell SDK
Add Eligible and Active PIM Role Assignment Requests
I recently wrote about Microsoft’s recommendation to use the UnifiedRoleDefinition Graph API instead of the older DirectoryRole API. In that...
Use the Microsoft Graph to Report Service Principal Sign-In Activity
Gain Insight from Service Principal Sign-in Activity
Before an app can be used in an Entra ID tenant, it must be registered and have a unique identifier. Apps can be owned by the tenant or created by...
Final Days for the MSOnline and AzureAD PowerShell Modules
Time Ebbing Away Before AzureAD and MSOnline Module Retirement
On January 13, 2025 Microsoft posted what I am sure they hope will be the last notification about retirement details for the MSOnline and...
Entra ID Allows People to Update their User Principal Names
No Good Reason Why Users Can Update User Principal Names
Update 14:00 UTC: Microsoft appears to have reacted and has blocked the ability of users to update their UPNs. Here’s what the Entra admin...
Interpreting SignIn Audit Records for Service Principals
Service Principal SignIn Audit Records Available for 30 Days
In August 2022, I wrote about the experience of developing and using Azure Automation runbooks. Move forward to today and one of the topics...
Microsoft Introduces People Administrator Role
People Administrator is the 116th Entra ID Role
Message center notification MC992218 (30 January 2025) announces the arrival of the new People administrator role for Entra ID. There’s nothing...