Using the Get-MessageTraceV2 cmdlet to generate mail traffic statistics by user

In this article we explore the recently introduced Get-MessageTraceV2 cmdlet and use it to bring new life to the good old Get-DetailedMessageStats.ps1 script. The script has now been updated to work with modern authentication methods and the new “no pagination” approach to fetching message trace data, as well as to handle scenarios that have become available since its initial introduction (i.e. plus addresses). …

Continue readingUsing the Get-MessageTraceV2 cmdlet to generate mail traffic statistics by user

How to manage Entra ID’s banned password list via the Graph SDK for PowerShell

Entra ID’s password protection feature was introduced back in 2018, adding support for a banned password list, the smart lockout controls and integration with on-premises AD. Programmatic access to the feature was enabled via directory settings templates, which at the time were exposed via the Azure AD Preview PowerShell module, …

Continue readingHow to manage Entra ID’s banned password list via the Graph SDK for PowerShell

You can no longer delegate folder-level permissions to a shared mailbox

In what looks like another attempt to curtail unsanctioned use of shared mailboxes in Exchange Online, Microsoft has begun blocking the ability to grant folder-level permissions to shared mailbox principals via PowerShell. As a side effect, you will no longer be able to use the Add-MailboxFolderPermission cmdlet to designate a …

Continue readingYou can no longer delegate folder-level permissions to a shared mailbox

Using the estimateAccess method to determine permissions on Entra objects

In this article, we take a look at the undocumented estimateAccess Graph API method, which can be used to determine what permissions a given user or application has against any directory object. This in turn can help you troubleshoot permission related issues, such as those where a given app throws an unexpected 403 error. …

Continue readingUsing the estimateAccess method to determine permissions on Entra objects

Graph-based What If Conditional Access tool

Microsoft released new Graph API based implementation of the What If tool. In this article, we will take a look at how to leverage the new What If experience in the UI as well as how the underlying Graph API endpoints work. It is great to finally have a supported method to test your Conditional Access policies! …

Continue readingGraph-based What If Conditional Access tool