Cat Links Graph API, Microsoft 365, Office 365, PowerShell

How to fetch data for reports Microsoft is yet to provide Graph API endpoints for

Posted on Vasil Michev

As Microsoft is yet to provide Graph API endpoints for access to all of the Microsoft 365 reports, in this article we examine a workaround that allows you to fetch the same data by alternative means. As an added bonus, this method allows you to also fetch data for some reports that are not even exposed in the UI yet! …

Continue readingHow to fetch data for reports Microsoft is yet to provide Graph API endpoints for

Cat Links Entra ID, Exchange Online, Graph API, Office 365, OneDrive for Business

Some ramblings around Continuous access evaluation, support for Graph and service principals

Posted on Vasil Michev

Does the Graph resource support Continuous Access Evaluation? How exactly are long-lived CAE tokens issued, and is it worth it to accept some additional risk as a tradeoff? But most importantly, beware of scenarios where CAE-capable service principal is compromised, as the advertised support for revocation seems to be a bit shady! …

Continue readingSome ramblings around Continuous access evaluation, support for Graph and service principals

Cat Links Azure AD, Entra ID, Graph API, Microsoft 365, Office 365, PowerShell

How to manage Entra ID delegate permissions for specific users

Posted on Vasil Michev

In this article, we will detail how to manage delegate permissions (OAuth2PermissionGrant) for any Entra ID integrated application on a per-user basis via the Graph API or the Graph SDK for PowerShell. With this knowledge at hand, you should never have to add tenant-wide consents again! …

Continue readingHow to manage Entra ID delegate permissions for specific users

Cat Links Azure AD, Entra ID, Exchange Online, Graph API, Microsoft 365, Office 365, PowerShell

Remove user from all Microsoft 365 groups and roles (and more) via the Graph API (non-interactive)

Posted on Vasil Michev

A PowerShell script to remove user, or a set of users, from all groups they are a member of by using the Graph API methods. You can leverage the additional parameters of the script in order to also remove any directory role assignments, ownership assignments and delegate permission grants. The script supports Microsoft 365 Groups, Entra Security Groups, Exchange Distribution Groups and Mail-Enabled security groups. …

Continue readingRemove user from all Microsoft 365 groups and roles (and more) via the Graph API (non-interactive)

Cat Links Azure AD, Exchange Online, Microsoft 365, Office 365

Changes in Set-UnifiedGroup result in lack of proper audit trail

Posted on Vasil Michev

Recently, we’ve noticed that calling the Set-UnifiedGroup cmdlet with certain parameters no longer generates events within the Exchange Online Admin audit log. A more detailed investigations confirms those observations and highlights additional oddities. Most importantly, it looks like we can no longer obtain the actor’s IP address information. …

Continue readingChanges in Set-UnifiedGroup result in lack of proper audit trail