Some ramblings around Continuous access evaluation, support for Graph and service principals

Does the Graph resource support Continuous Access Evaluation? How exactly are long-lived CAE tokens issued, and is it worth it to accept some additional risk as a tradeoff? But most importantly, beware of scenarios where CAE-capable service principal is compromised, as the advertised support for revocation seems to be a bit shady! …

Continue readingSome ramblings around Continuous access evaluation, support for Graph and service principals

Updated version of the ODFB shared files report PowerShell script (2022)

Few years back, I released a “proof of concept” script that uses the Graph API endpoints to enumerate all shared files, across all user’s OneDrive for Business site collections within an organization. Due to some recent changes in the underlying Graph API endpoints, I have released an updated version of …

Continue readingUpdated version of the ODFB shared files report PowerShell script (2022)

Another Office 365 compliance issue swept under the rug

A while back, I was made aware of an interesting issue, namely the fact that OneDrive for Business users can disable indexing for their own drives, effectively disabling functionalities such as eDiscovery or DLP. This of course is yet another issue that stems from the fact that users are Site …

Continue readingAnother Office 365 compliance issue swept under the rug