Author: Sean McAvinue

Latest Articles

Introduction to the Microsoft Graph PowerShell SDK

A Unified Approach to Microsoft 365 management The Microsoft Graph API has been around for some time now and Microsoft is moving more management functions (such as License Management for Azure AD Accounts) to the platform. When Microsoft transitions a function to the Graph, organizations might have to update PowerShell scripts. Getting started with the […]

September 28, 2022

You’ve Migrated…​ But What Did You Leave Behind?

Preparation, Preparation, and More Preparation Migrations in Microsoft 365 are a complex beast. It seems every time you feel like you have captured everything, more apps or functionalities appear. Every shiny new tool Microsoft releases is another consideration for migration teams and IT departments. Planning for migrations – tenant-to-tenant or otherwise – is a mammoth […]

September 6, 2022

Performing a Conditional Access Assessment with PowerShell

Conditional access policies grow and change as the tenant grows and changes, but not all of the old policies, groups and assignments are not always tidied up, leaving complex web of policies that target different groups or apps. To gain insights into this mess, I created a PowerShell script to document not just Conditional Access policy settings, but also detail who is impacted by each policy and why.

June 20, 2022

Controlling OneDrive Synchronization

The OneDrive Sync Client is key to providing users with a reliable way to store files in SharePoint Online and OneDrive for Business. Therefore, it’s important that tenant administrators deploy OneDrive in a way that meets their organization’s requirements. This article explores the administrative options available for deploying and controlling OneDrive Sync Client.

April 13, 2022

How does the OneDrive Sync Client Work?

OneDrive for Business has come a long way since its SkyDrive days, and the modern sync client is better than ever with improved features and a more efficient user experience. This article explains how the OneDrive Sync Client works and some of the ways it does more than just make personal files available across devices, such as how it supports connecting to Microsoft Teams and SharePoint Online.

March 10, 2022

Why Using App Secrets in Production is a Bad Idea

As many organizations adapt legacy scripts to use app authentication instead of traditional service account credentials, security can be compromised if certain risks are overlooked. While app secrets can be great for testing code, there’s a reason they have an enforced expiry date - the longer a secret exists in production, the higher the risk it will become compromised. The methods described in this article will help build a good foundation for app authentication while keeping security top of mind when creating or updating automation scripts.

February 16, 2022

Secure Access for Remote Workers without Microsoft Defender for Cloud Apps

In the second article of this 2-part series, we describe the alternatives that exist to help secure access for remote workers, exploring the worthy features that don’t require MDCA. The features detailed in this article are available for any tenant with Azure AD Premium licensing and offer a more generic set of controls for tenants where MDCA licensing is not available.

February 3, 2022

Using Microsoft Defender for Cloud Apps to Secure Access for Remote Workers

There are many ways to provide secure access for remote users working on a home network or personal device (such as VPNs or VDI environments) and they each bring their own levels of complexity. This article explores using Microsoft Defender for Cloud Apps as a solution that is easily deployed, and capable of expanding beyond Office 365 to bring a higher level of control and governance over third-party cloud apps that lack similar native controls.

January 27, 2022

Separating users in Office 365 using Address Book Policies

Microsoft 365 has many built-in controls to manage how users communicate externally, however, these controls do not generally extend to internal communication. While this is fine in most environments, situations exist where a degree of separation is required to segregate communication across different groups of users. This article details the configuration of Address Book Policies, and how they can be extended to include Teams.

January 5, 2022