Few notes on disabling access to PowerShell in Exchange Online

A question over at Experts Exchange prompted me to refresh my memory on the process of disabling access to PowerShell for Exchange Online users. The proper way to do that, as detailed by Tony in this article, is to toggle the corresponding flag on the user object. Microsoft is however …


First look at the analyzedEmails Graph API endpoint

Today’s article will be about the newly introduced /analyzedEmails Graph API endpoint, which in a nutshell is a lightweight Threat explorer implementation. While the new API fails to measure up to the robust tool that Threat explorer is, this is not to say it has no merit, as it does …


Some ramblings around Continuous access evaluation, support for Graph and service principals

Does the Graph resource support Continuous Access Evaluation? How exactly are long-lived CAE tokens issued, and is it worth it to accept some additional risk as a tradeoff? But most importantly, beware of scenarios where a CAE-capable service principal is compromised, as the advertised support for revocation seems to be a bit shady! …


Remove user from all Microsoft 365 groups and roles (and more) via the Graph API (non-interactive)

A PowerShell script to remove a user, or a set of users, from all groups they are a member of by using the Graph API methods. You can leverage the additional parameters of the script in order to also remove any directory role assignments, ownership assignments and delegate permission grants. The script supports Microsoft 365 Groups, Entra Security Groups, Exchange Distribution Groups and Mail-Enabled security groups. …


Changes in Set-UnifiedGroup result in lack of proper audit trail

Recently, we’ve noticed that calling the Set-UnifiedGroup cmdlet with certain parameters no longer generates events within the Exchange Online Admin audit log. A more detailed investigation confirms those observations and highlights additional oddities. Most importantly, it looks like we can no longer obtain the actor’s IP address information. …
