How to add, remove or update Entra ID delegate permissions for specific users

In this article, we will detail how to manage delegate permissions (OAuth2PermissionGrant) for any Entra ID integrated application on a per-user basis via the Graph API or the Graph SDK for PowerShell. With this knowledge at hand, you should never have to add tenant-wide consents again! …

Continue readingHow to add, remove or update Entra ID delegate permissions for specific users

Remove user from all Microsoft 365 groups and roles (and more) via the Graph API (non-interactive)

A PowerShell script to remove user, or a set of users, from all groups they are a member of by using the Graph API methods. You can leverage the additional parameters of the script in order to also remove any directory role assignments, ownership assignments and delegate permission grants. The script supports Microsoft 365 Groups, Entra Security Groups, Exchange Distribution Groups and Mail-Enabled security groups. …

Continue readingRemove user from all Microsoft 365 groups and roles (and more) via the Graph API (non-interactive)

Obtaining Entra license utilization insights data via the Graph API

A quick and dirty exploration of the new Graph API endpoint that exposes Entra License Utilization Insights data, now available in public preview. As none of this is currently documented by Microsoft, we cannot provide the full details, but we can still get sufficient data to built our own report! …

Continue readingObtaining Entra license utilization insights data via the Graph API

Can you verify whether third-party applications adhere to the Identity platform best practices?

In this article, we take a look at which methods and tools we can use in order to “audit” the adherence to Microsoft’s Identity platform best practices for any third-party applications that might be in use in your tenant. With OAuth app compromises hitting the news on a regular basis nowadays, it is time to action! …

Continue readingCan you verify whether third-party applications adhere to the Identity platform best practices?

Reporting on Entra ID directory role assignments (including PIM)

Report on permanently assigned Entra ID directory roles as well as any PIM-eligible role assignments. The scripts come in two versions, one based on the Graph SDK for PowerShell and another one using “raw” Graph API requests. Supports Privileged Access Groups as well (PIM for groups). …

Continue readingReporting on Entra ID directory role assignments (including PIM)