Articles, views, and insights about the practical application of the Microsoft Graph APIs (including the Microsoft Graph PowerShell SDK) from Practical365.com
App secrets are used to authenticate registered apps with Entra ID. App secrets (or passwords) are convenient and easy to use, but they're relatively insecure. The default app management policy for the tenant can block app secrets while custom app management policies can allow selective apps to use app secrets for testing or other well-defined purposes. All explained here.
In the second part of this series on Controlling Access to Microsoft 365 Entra ID Apps, Ingo dives into the process of creating custom Role-Based Access Control (RBAC) to Improve Security in your tenant.
In this article, Mezba Uddin reviews using Audit Logs and the Graph API to performs six specific investigation actions in Exchange Online to help keep your email environment safe.
After a year or so of using the AuditLog Query Graph API, we have enough experience to be able to explain how to take advantage of the API and when it could be used to run audit searches instead of the Search-UnifiedAuditLog cmdlet. There's lots of PowerShell code in this article to give anyone who wants to experiment with the API a good start to finding audit events.
This article describes how to create a report about group-based licensing assignments and any errors that might have occurred. The code uses the Microsoft Graph PowerShell SDK to fetch information about the groups used for licensing assignments, interpret the assignments, find users with assignment errors, and send email to inform administrators about what's been found.
The need to restore deleted user accounts sometimes arises. The process is well understood and options are available to do the job in the Entra and Microsoft 365 admin centers. But if you need to restore a deleted user account and change its user principal name, that operation can only be done with PowerShell. This article explores why updating a user principal name during a restore might be necessary and the code to restore accounts.
Most Microsoft 365 tenants have a collection of Entra ID apps to manage. One task might be to control access to Entra ID apps, so the question is how best to do this. Assignments for users and groups control the ability to use apps while custom app roles are there for developers to determine what a user can done when they run an app.
The Microsoft Graph API offers great access to SharePoint Online site content, but sometimes the need exists to resist app access to SharePoint Online sites. That's where the Sites.Selected Graph permission comes in by allowing administrators to dictate exactly which sites an app can access. Practice the Principle of Least Permission!
This article describes what happens when the Connect-MgGraph cmdlet runs in interactive and app-only sessions with the Microsoft Graph PowerShell SDK. A session is created and a context is established, and it's possible to use the session context to do real work.
Microsoft announced the Retirement of EWS in Exchange Online a while ago. That means any scripts or applications you have written should be reviewed and rewritten to use Microsoft Graph. In this blog, we review an example of moving from EWS to the Graph while handling date values.
Sometimes Microsoft 365 tenants need to store specific data for objects like users and groups. The Graph provides several extensibility options. This article describes how to define and use schema extensions to store information about the container management labels assigned to Microsoft 365 Groups.
Oversharing of information is a major concern in the AI era. This article describes how to write a script to report file sharing for OneDrive for Business accounts. The report details the files shared, the type of sharing link and access, and who can access the files. It's an example of using the Microsoft Graph PowerShell SDK to understand what's happening in a tenant.
