Reporting on BitLocker recovery keys and associated devices

Due to popular demand, I put together a short script that generates a report of all BitLocker recovery keys in your tenant. Optionally, you can use the report to include device-level details, such as its compliance status, last activity or registered owner. …

Continue readingReporting on BitLocker recovery keys and associated devices

Reporting on Entra ID application registrations

An updated version of the script to generate a report of all Entra ID Application registrations and their properties. Use the report to find applications with expired credentials, to enforce credential rollover, review overprivileged applications and applications with no usage. A Graph SDK based version of the script is also provided. …

Continue readingReporting on Entra ID application registrations

Reporting on Entra ID integrated applications (service principals) and their permissions

In this article, we are presenting you with an update version of the PowerShell script to report on Entra ID service principal objects and their properties and permissions. In addition, a version of the script running on the Graph SDK for PowerShell is also provided, for usage with delegate permissions. …

Continue readingReporting on Entra ID integrated applications (service principals) and their permissions

Script to review and remove service principal credentials

Last week, we explored Entra ID’s app instance property lock feature. As part of the process, we examined one possible way that bad actors could take advantage of the convoluted nature of working with multi-tenant applications within Microsoft 365 and their in-tenant representation, the service principal. As the app instance …

Continue readingScript to review and remove service principal credentials