Microsoft Graph

Articles, views, and insights about the practical application of the Microsoft Graph APIs (including the Microsoft Graph PowerShell SDK) from Practical365.com

Latest Articles

Practical Graph: Creating Dynamic Microsoft 365 Groups without Entra P1 Licenses

Dynamic Microsoft 365 Groups come with many advantages, but they also require Entra P1 licenses. This article explores how to create and maintain a DIY version of dynamic Microsoft 365 groups using the Microsoft Graph PowerShell SDK and Azure Automation. At the end of the day, the principle is proven, but maybe it's best to pay for the licenses.

August 13, 2025

Practical Graph: Tracking Critical App Actions Through Audit Events

App management audit events are captured when changes are made to Entra registered and enterprise apps. Critical app management audit events should be closely monitored to ensure that permissions are used properly and attackers haven't attempted to penetrate the tenant to extract data. This article explains how to find and analyze audit data for some critical app management audit events and run the code as an Azure Automation runbook.

July 8, 2025

Practical Graph: Assigning Sensitivity Labels to SharePoint Files with the PowerShell SDK

A new Set-MgDriveItemSensitivityLabel cmdlet makes it easier to assign sensitivity labels in PowerShell scripts. However, the cmdlet does not get around the restriction imposed by Microsoft on using metered APIs. Apps still must be registered as Azure resources before scripts can run the cmdlet. It's easy to understand why, even if it seems strange at first.

June 30, 2025

Practical Graph: Use App Management Policies to Control App Credentials

App secrets are used to authenticate registered apps with Entra ID. App secrets (or passwords) are convenient and easy to use, but they're relatively insecure. The default app management policy for the tenant can block app secrets while custom app management policies can allow selective apps to use app secrets for testing or other well-defined purposes. All explained here.

May 5, 2025

Practical Graph: Running Audit Log Searches with the AuditLog Query API

After a year or so of using the AuditLog Query Graph API, we have enough experience to be able to explain how to take advantage of the API and when it could be used to run audit searches instead of the Search-UnifiedAuditLog cmdlet. There's lots of PowerShell code in this article to give anyone who wants to experiment with the API a good start to finding audit events.

April 8, 2025