Obtaining Entra license utilization insights data via the Graph API

A quick and dirty exploration of the new Graph API endpoint that exposes Entra License Utilization Insights data, now available in public preview. As none of this is currently documented by Microsoft, we cannot provide the full details, but we can still get sufficient data to built our own report! …

Continue readingObtaining Entra license utilization insights data via the Graph API

Can you verify whether third-party applications adhere to the Identity platform best practices?

In this article, we take a look at which methods and tools we can use in order to “audit” the adherence to Microsoft’s Identity platform best practices for any third-party applications that might be in use in your tenant. With OAuth app compromises hitting the news on a regular basis nowadays, it is time to action! …

Continue readingCan you verify whether third-party applications adhere to the Identity platform best practices?

Reporting on Entra ID directory role assignments (including PIM)

Report on permanently assigned Entra ID directory roles as well as any PIM-eligible role assignments. The scripts come in two versions, one based on the Graph SDK for PowerShell and another one using “raw” Graph API requests. Supports Privileged Access Groups as well (PIM for groups). …

Continue readingReporting on Entra ID directory role assignments (including PIM)

Reporting on BitLocker recovery keys and associated devices

Due to popular demand, I put together a short script that generates a report of all BitLocker recovery keys in your tenant. Optionally, you can use the report to include device-level details, such as its compliance status, last activity or registered owner. …

Continue readingReporting on BitLocker recovery keys and associated devices

Reporting on Entra ID application registrations

An updated version of the script to generate a report of all Entra ID Application registrations and their properties. Use the report to find applications with expired credentials, to enforce credential rollover, review overprivileged applications and applications with no usage. A Graph SDK based version of the script is also provided. …

Continue readingReporting on Entra ID application registrations