First look at the analyzedEmails Graph API endpoint

Today’s article will be about the newly introduced /analyzedEmails Graph API endpoint, which in a nutshell is a lightweight Threat explorer implementation. While the new API fails to measure up to the robust tool that Threat explorer is, this is not to say it has no merit, as it does …

Continue readingFirst look at the analyzedEmails Graph API endpoint

“Sequence” events in the Entra Audit log and how to work with them

A question over at Q&A highlighted some changes in the way Microsoft is generating Entra audit log records for license operations. We have talked about issues surrounding this process a lot in the past, for example in this article over at Practical 365. Apart from missing entries, a common pain …

Continue reading“Sequence” events in the Entra Audit log and how to work with them

Report on externally shared files in Microsoft 365 via the Graph API

An updated version of my “proof of concept” script to report on any and all externally shared files within the organization. This new version covers SharePoint Online sites as well and can also process individual sites via the -Sites parameter. The output has been reworked and now uses the ImportExcel module to generate a “pretty” Excel file with conditional formatting and clickable links. In addition, I’ve toyed with another version of the script that enumerates lists and list items, as opposed to the “classic” one that enumerates drives and processes them much like a traditional folder structure. Both versions should give you the same set of results, but can differ in performance and throttling aspect… …

Continue readingReport on externally shared files in Microsoft 365 via the Graph API

Granular permissions for working with files, list items and lists added to the Graph API!

Microsoft has extended their permissions model for working with files, list items and lists within the Graph API. The newly introduced Files.SelectedOperations.Selected, ListItems.SelectedOperations.Selected and Lists.SelectedOperations.Selected scopes are available in both delegate and application permission flavors and allow you to granularly control application access! At the same time, they use the same model the Sites.Selected permissions used, so you can easily adopt them. …

Continue readingGranular permissions for working with files, list items and lists added to the Graph API!