Microsoft has deprecated the Microsoft Graph CLI and Graph Toolkit. It’s nice to see some rationalization, but the real need is for better quality and coverage across all the Microsoft 365 administrative actions. Even after fourteen years of development, too many undocumented and private APIs exist today, which is an unacceptable situation. You should vote for a feedback portal item to ask Microsoft to do better.| Office 365 for IT Pros
In this installment of the Graph Activity Log series, we uncover how attackers exploit OAuth app consent to silently access Microsoft 365 data. Using targeted KQL queries and PowerShell automation, this blog shows how to detect, investigate, and respond to these stealthy identity-based threats. The post Investigating OAuth App Abuse with the Graph Activity Log appeared first on Practical 365.| Practical 365
Learn how to list and restore soft-deleted cross-tenant access policies in Microsoft Entra ID using Microsoft Graph PowerShell. The post Find and Restore Deleted Cross-Tenant Access Policies appeared first on Our Cloud Network.| Our Cloud Network
See how to hide or show approver details in access packages with this new feature and easily configure it with our guide. The post Configure Whether Requestors Can See Access Package Approver Details appeared first on Our Cloud Network.| Our Cloud Network
Three new Graph API resources provide easy access to Entra ID authentication method summary data. The information is helpful to understand the type of sign-ins that happen, and the authentication methods used by user connections. The article includes a script based on the MFA sign-in summary to highlight non-MFA connections and the apps users connect to.| Office 365 for IT Pros
Dynamic Microsoft 365 Groups come with many advantages, but they also require Entra P1 licenses. This article explores how to create and maintain a DIY version of dynamic Microsoft 365 groups using the Microsoft Graph PowerShell SDK and Azure Automation. At the end of the day, the principle is proven, but maybe it's best to pay for the licenses. The post Practical Graph: Creating Dynamic Microsoft 365 Groups without Entra P1 Licenses appeared first on Practical 365.| Practical 365
Use PowerShell and new Microsoft Graph APIs to visualise user MFA, SSPR, and password reset activity in your Microsoft 365 tenant. The post How to Visualise Microsoft Entra MFA Sign-in Metrics with PowerShell appeared first on Our Cloud Network.| Our Cloud Network
If you use the Microsoft Graph PowerShell SDK, you don’t need to worry about obtaining an access token because SDK cmdlets include automatic token management. Although you don’t need to know the details of the access token used in an SDK session, it’s possible to find and examine its contents, and even use the token with a Graph request. It's a nice-to-know thing that you’ll never need in practice.| Office 365 for IT Pros
Version 2.29 of the Microsoft Graph PowerShell SDK can now be downloaded from the PowerShell Gallery. Initial tests show that the release is stable. However, it’s recommended that you deploy V2.29 on a few workstations to test essential scripts before proceeding to a full-scale roll-out. V2.29 does not address the issue with PowerShell runtime in Azure Automation, but overall, first indications are that V2.29 is a good release.| Office 365 for IT Pros
Sometimes tenants need to copy group membership from one user to another. Often PowerShell is used, but with the demise of the Azure AD module you might need to update the script that you use. Things are a little more complicated when using the Graph, but where there’s a will, there’s a way. Here's how to use the Graph PowerShell SDK to do the job.| Office 365 for IT Pros
The conditional access policy condition for token protection now extends to Microsoft Graph PowerShell SDK interactive sessions. Any account within the scope of a CA policy that requires token protection can use Web Account Manager (WAM) to sign in and check that everything is secure and ready to go. It’s a protection that might be of interest to administrators and developers that access sensitive data in Graph SDK sessions.| Office 365 for IT Pros
A recent post revealed that the Mailbox Import-Export Graph API doesn't capture audit events for its operations. The API is in beta, but this is disappointing. Auditing any mailbox is important, but it becomes a critical requirement when the possibility exists that attackers could use the API to exfiltrate mailbox data outside of the tenant. This is a hole that Microsoft needs to close.| Office 365 for IT Pros
Microsoft will launch the aiInteractionHistory Graph API (aka, the Copilot Interaction Export API) in June. The API enables third-party access to Copilot data for analysis and investigative purposes, but any ISV who wants to use the API needs to do some work to interpret the records returned by the API to determine what Copilot really did in its interactions with users.| Office 365 for IT Pros
A user reported that a script didn't list any details of hidden group memberships and asked why. The reason is that a separate Graph permission controls access to hidden group memberships. If an app doesn’t have the permission, the Graph returns null memberships, which is probably not all that helpful. Once the right permission is in place, everything works.| Office 365 for IT Pros
On May 10, 2025, Microsoft released V2.28 of the Microsoft Graph PowerShell SDK in the hope that the new version would fix a bunch of annoying problems that have dogged the SDK for several months. The first few days haven’t revealed any new problems and bug reports are being closed, so the signs are positive. But do test before deploying V2.28 into production.| Office 365 for IT Pros
Some new Graph APIs were announced on April 1 to close a feature gap with EWS. The new APIs permanently remove mailbox items and other objects, including folders, calendars, and calendar items. Permanent deletion means that items cannot be recovered through clients because they end up in the Purges folder in Recoverable Items. This article explains how the new APIs work, including a practical example.| Office 365 for IT Pros
Update #11 for the Automating Microsoft 365 with PowerShell eBook is now available for subscribers to download. The eBook is now over 300 pages long and includes extensive coverage of using PowerShell to interact with Exchange Online, Teams, Planner, SharePoint Online, and OneDrive for Business data using workload modules or the Graph APIs (and Microsoft Graph PowerShell SDK).| Office 365 for IT Pros
In the first installment of Securing Microsoft 365 with Graph Activity Logs, Mezba Uddin dives into the essentials of the Microsoft Graph Activity Log, what it does, its importance for visibility, and how to get it running to start seeing its data.| Practical 365
A while back I published a blog post on how you can add Microsoft Graph application role permissions to a Managed Identity, something that is useful if you have deployed Azure services that use managed identities, and need permission to access Graph API. https://gotoguy.blog/2022/03/15/add-graph-application-permissions-to-managed-identity-using-graph-explorer/ The above blog post is currently the only “graphical” or UI […]| GoToGuy Blog
In this contribution I will show you how you can build your own Security Copilot, by using Azure OpenAI, AI Search Service and your own security data sources, in a creative way that lets users ask about their own security status in a natural language! This is part of my contribution to the Festive […]| GoToGuy Blog
Microsoft recently announced that Workload Identity Federation for Azure Pipelines now is in Public Preview: https://devblogs.microsoft.com/devops/public-preview-of-workload-identity-federation-for-azure-pipelines/. This opens up a lot of scenarios for Azure service connections, without the need to manage secrets for service principals and more security as there are no secrets that can be exposed or exfiltrated. As I work a lot […]| GoToGuy Blog
There are several ways you can access the Azure AD Protected APIs in Power Platform Flows and Apps. Without creating Custom Connectors, which basically can connect to any REST based API that is available, it is useful to know what built-in HTTP connectors are available and can be used for delegated authentication to Azure AD […]| GoToGuy Blog
I’m excited and very much looking forward to speaking at the upcoming Oslo Power Platform & Beyond Community Event, which will happen in-person on May 21st 2022 at Microsoft Norway offices i…| GoToGuy Blog
You have a service principal in your tenant. Either you created it yourself or it’s a service principal for an app registration from another tenant (multi-tenant application). Now this service principal needs access to an additional role. It’s not always possible to do a new admin consent; sometimes you want the change just for a single service principal in a single tenant. I wrote about this before, but since the Azure AD module is deprecated, it’s time to do the same with the new Micros...| Coding Stephan
Hey there! Today, I wanted to introduce you to one of the small but excellent modules I've created called the O365Synchronizer. This module focuses on synchronizing contacts and users. If you've ever been tasked with synchronizing Global Address Lists (GAL) across different Office 365 tenants or just wanted to sync GAL with user mailboxes so they can access contacts directly on their phones, this tool is for you. The post Syncing Global Address List (GAL) to personal contacts and between Offic...| Evotec