Azure Active Directory (Azure AD) is a cloud-based enterprise directory service used by Microsoft 365 to store details of user accounts, groups, and applications.
Microsoft Entra administrative units are gaining in popularity. Restricted administrative units are now available and many Purview solutions support administrative units. In this article, we explain how to use Microsoft Graph PowerShell SDK cmdlets to create a report about administrative units, role assignments for their management, and their membership.
Most articles covering how to bulk delete Azure AD accounts use a CSV file to hold the input set of accounts for removal. That approach works, but there are better ways to do the job if the contents of Azure AD are accurate.
Maintaining accurate Azure AD User Account manager links is important because many Microsoft 365 features like the Organization chart in Teams, the user profile card, and Outlook's Org Explorer depend on the information. This article covers how to use PowerShell to maintain the manager-employee links.
After much humming and hawing, Microsoft reset the retirement date for several old Azure AD modules to March 30, 2024. The nine-month extension is there to help customers convert scripts to use the Microsoft Graph PowerShell SDK or Graph API requests. On the upside, the extra time is good as it creates space to migrate scripts. On the downside, there's still some challenges in converting from the old Azure AD modules.
You can’t disrupt a chain if you can’t identify the links. In this blog, Paul Robichaux goes over some of the ways you can break a Kill Chain in your environment. And it all starts with asking yourself the right questions.
At the end of March, Practical 365 traveled with the TEC European roadshow, traveling between three cities in Europe over a week, listening to experts talking primarily about security-focused topics aimed at improving your Microsoft 365, Azure AD and Active Directory. Read our whistle-stop tour of the most important points made by expert speakers.
Many PowerShell scripts written to automate operations in Microsoft 365 tenants fetch Azure AD users or mailboxes to process. In this article, we explain how to fetch user objects effectively by using filters to make sure that scripts process the right set of accounts or mailboxes.
Because of the way the Windows security model works, it’s not currently possible to eliminate the use of passwords for local administrator accounts. Given that fact, the next best solution is to remediate the biggest problems with passwords for these local accounts, including weakness, reuse, and tenure. In this article, we discuss how the Local Administrator Password Solution (LAPS) helps with all of those!
Microsoft has long been asked to support guest account expiration, just like the functionality available for on-premises Active Directory accounts. Engineering priorities have not allowed the developers to work on the feature, but it's possible to do the job with PowerShell as we explain here.
It's good to put a face on Azure AD Guest Accounts by updating the accounts with thumbnail photos. This article explains how to approach the process of gathering suitable photos and uploading them to Azure AD. We also discuss how to speed up the process by finding guest accounts that are missing photos so that the script can focus on those accounts.
Implementing zero trust in the world is a big hassle, often uncomfortable, and frequently dorky—plus, it can be expensive. At the same time, moving closer to a zero trust model helps harden your network significantly, and you may already have many of the tools and techniques you need available without much extra cost. In this article, we discuss how to take baby steps toward Zero Trust.
Microsoft actively develops Azure AD external identities and doesn't do much with mail contacts. Maybe it's a good idea to migrate mail contacts to Azure AD guest accounts. This article explores what's involved in moving mail contacts over to Azure AD guest accounts using PowerShell.
