All about Microsoft 365
An updated version of the script to generate a report of all Entra ID Application registrations and their properties. Use the report to find applications with expired credentials, to enforce credential rollover, review overprivileged applications and applications with no usage. A Graph SDK based version of the script is also provided. …
Continue readingReporting on Entra ID application registrations
Using the Graph API, we create a sample script to report on item count and size per year. The script can be run against multiple Exchange Online mailboxes at a time. …
Continue readingReporting on Microsoft 365 mailbox item count and size by year via the Graph API
Last week, we explored Entra ID’s app instance property lock feature. As part of the process, we examined one possible way that bad actors could take advantage of the convoluted nature of working with multi-tenant applications within Microsoft 365 and their in-tenant representation, the service principal. As the app instance …
Continue readingScript to review and remove service principal credentials
Today’s article will be a short one. In a small, but meaningful update, Microsoft has released a new addition to the signInActivity resource, which allows us to determine the last time a given user was able to sign in successfully to the service (“last successful login timestamp”). Until recently, we …
Continue readingWe can finally report on last successful login timestamp in Entra ID
In this article, we demonstrate a somewhat convoluted method used by bad actors to obtain persistence and execute operations in the context of Entra ID multi-tenant applications, as well as the steps Microsoft is taking to address the issue. As the solution only covers part of the story, a follow up article and a PowerShell script will be needed to address it. …