All about Microsoft 365
In this article, we demonstrate a somewhat convoluted method used by bad actors to obtain persistence and execute operations in the context of Entra ID multi-tenant applications, as well as the steps Microsoft is taking to address the issue. As the solution only covers part of the story, a follow up article and a PowerShell script will be needed to address it. …
In another “forgotten knowledge” topic, let’s discuss how to automatically clean up/remove items from the Deleted items folder in Exchange Online/Microsoft 365. Nothing has changed in this process for years now, but it looks like people online are still having a hard time finding proper instructions on how to configure …
Continue readingMake sure Deleted items are automatically removed from Microsoft 365 mailboxes
Spotting some strange entries in the output of a Graph SDK cmdlet leads us down the rabbit hole of troubleshooting “missing” GUIDs in Entra ID. Or how SignInActivity data for users’ access to other tenants is collected …
Do you know that you can now restrict access to the Microsoft 365 audit log events based on membership of Administrative unit(s)? Read the full article to find out how! …
Continue readingMicrosoft 365 Audit adds support for administrative unit scoping
Microsoft has been gradually expanding the reach of its Conditional Access feature, while at the same time also releasing a bunch of controls that allow us to more granularly scope CA policies. Examples in this area include not just the ability to scope policies to a subset of the objects …
Continue readingScoping conditional access policies to “tagged” applications