Read articles and blog posts about PowerShell on Practical365.com.
Latest Articles
In this article, we guide you through the process of using the Graph Activity Log and Kusto Query Language (KQL) to hunt for common indicators of mailbox compromise, with useful tips along the way.
App management audit events are captured when changes are made to Entra registered and enterprise apps. Critical app management audit events should be closely monitored to ensure that permissions are used properly and attackers haven't attempted to penetrate the tenant to extract data. This article explains how to find and analyze audit data for some critical app management audit events and run the code as an Azure Automation runbook.
A new Set-MgDriveItemSensitivityLabel cmdlet makes it easier to assign sensitivity labels in PowerShell scripts. However, the cmdlet does not get around the restriction imposed by Microsoft on using metered APIs. Apps still must be registered as Azure resources before scripts can run the cmdlet. It's easy to understand why, even if it seems strange at first.
When administrators create new Entra ID apps, the apps don't have an owner unless an owner is explicitly assigned. The net result is that a tenant can end up with many ownerless apps. In this article, we explain how to find ownerless apps, and how to use audit data to find suitable owners for those apps. All done with PowerShell, of course.
In the first installment of Securing Microsoft 365 with Graph Activity Logs, Mezba Uddin dives into the essentials of the Microsoft Graph Activity Log: what it does, its importance for visibility, and how to get it running to start seeing its data.
Everyone learns from experience. This article covers five important building blocks for writing great Graph PowerShell scripts, the product of hard-won experience and many mistakes. Filtering, properties, permissions, and pagination all make the list.
PowerShell scripting becomes far more powerful when you master collections like arrays and hash tables. In this article, we review the basics of standard collection types, then walk through additional useful options that leverage other object types available through the .NET Framework.
Calendar events make up user and group calendars. It's possible to create, update, cancel, and remove calendar appointments and meetings, including recurring events, through the Graph API. This article explains how to pass all the properties needed to create and manage events using PowerShell and the Graph APIs.
I usually reach for the Microsoft Graph PowerShell SDK when I need to automate Microsoft 365 processes. But sometimes, the Graph doesn't work. PnP PowerShell is a great tool for interacting with SharePoint Online, in this instance to check document libraries to find how many have a default sensitivity label configured. The code works, it's reasonably quick, and it's an example of how flexible PowerShell can be in dealing with Microsoft 365.
Any time you allow a third-party application to run in a system you own or control, you’re assuming risk. In this episode of Practical Protection, we discuss how to reduce that risk by managing app consent in Microsoft Entra ID, as well as a few other alternatives.
In the second part of this series on Controlling Access to Microsoft 365 Entra ID Apps, Ingo dives into the process of creating custom Role-Based Access Control (RBAC) to improve security in your tenant.
A previous article explained how Microsoft 365 usage report data can highlight inactive Copilot users. If we add audit data to the mix, the analysis becomes much richer because we can see exactly what use people make of different Copilot apps, like Word, Chat, Outlook, and so on. Better data means better decisions!