Entra ID - Blog

Entra ID, Graph API, Microsoft 365, OneDrive for Business, SharePoint Online

Granular permissions for working with files, list items and lists added to the Graph API!

July 4, 2024July 4, 2024 Vasil Michev

Microsoft has extended their permissions model for working with files, list items and lists within the Graph API. The newly introduced Files.SelectedOperations.Selected, ListItems.SelectedOperations.Selected and Lists.SelectedOperations.Selected scopes are available in both delegate and application permission flavors and allow you to granularly control application access! At the same time, they use the same model the Sites.Selected permissions used, so you can easily adopt them. …

Continue readingGranular permissions for working with files, list items and lists added to the Graph API!

Entra ID, Graph API, Microsoft 365, Office 365, PowerShell

How to properly filter for specific enabled services via the Graph API/SDK

June 26, 2024 Vasil Michev

The limited (and convoluted) filter capabilities of the Graph API have lead to scenarios where people are using incorrect queries to filter out the set of users enabled for specific Microsoft 365 service(s). In this article, we will go over some of the common mistakes I’ve seen in online examples, and provide you with a “proper” solution, to the best of the current Graph API filtering capabilities. …

Continue readingHow to properly filter for specific enabled services via the Graph API/SDK

Azure AD, Entra ID, Graph API, Microsoft 365, Office 365, PowerShell

How to hard-match Entra ID users via the Graph API or the Graph SDK for PowerShell

June 20, 2024 Vasil Michev

A short article on how to use the Graph API methods or the corresponding Graph SDK for PowerShell cmdlets to hard-match on-premises user object against their Entra ID counterparts. …

Continue readingHow to hard-match Entra ID users via the Graph API or the Graph SDK for PowerShell

Entra ID, Graph API, Microsoft 365

Less known Graph API endpoints you can use to ensure compliance with CIS benchmark

June 13, 2024 Vasil Michev

In this article we will introduce you to some less known Graph API endpoints and methods (as well as some PowerShell cmdlets) that can help you report on or remediate against CIS benchmark controls. …

Continue readingLess known Graph API endpoints you can use to ensure compliance with CIS benchmark

Entra ID, Exchange Online, Graph API, Office 365, OneDrive for Business

Some ramblings around Continuous access evaluation, support for Graph and service principals

May 22, 2024 Vasil Michev

Does the Graph resource support Continuous Access Evaluation? How exactly are long-lived CAE tokens issued, and is it worth it to accept some additional risk as a tradeoff? But most importantly, beware of scenarios where CAE-capable service principal is compromised, as the advertised support for revocation seems to be a bit shady! …

Continue readingSome ramblings around Continuous access evaluation, support for Graph and service principals