Read articles and blog posts about PowerShell on Practical365.com.
In this article, we explore the best way to configure Microsoft Defender for Servers on Windows. From PowerShell and GPO to SCCM and Defender Security Management, we break down the pros and cons of each method.
Everyone probably knows how to use the Send As and Send on Behalf of permissions to send email from user mailboxes. Here we venture into the same task, but for Microsoft 365 Groups, shared mailboxes, distribution lists, and mail-enabled security groups. Once your permissions are aligned, everything is pretty simple.
In this installment of the Graph Activity Log series, we uncover how attackers exploit OAuth app consent to silently access Microsoft 365 data. Using targeted KQL queries and PowerShell automation, this blog shows how to detect, investigate, and respond to these stealthy identity-based threats.
Dynamic Microsoft 365 Groups come with many advantages, but they also require Entra P1 licenses. This article explores how to create and maintain a DIY version of dynamic Microsoft 365 groups using the Microsoft Graph PowerShell SDK and Azure Automation. At the end of the day, the principle is proven, but maybe it's best to pay for the licenses.
In this blog, we explore how IT admins can leverage WinGet, Microsoft’s Windows Package Manager, to streamline application deployment and updates across Intune-managed devices.
In this installment of our Graph Activity Log series, we’ll provide a practical playbook for using the Graph Activity Log and Kusto Query Language (KQL) to hunt for indicators of document exfiltration.
In this article, Sean McAvinue explores how Microsoft's Multi-Tenant Organizations (MTO) can help make tenant-to-tenant migrations a smoother process for both administrators and end users.
In this installment of Practical Teams, we explain what App-Centric Management is, how Integrated Apps work, and how Unified App Management differs from earlier methods.
In this article, we guide you through the process of using the Graph Activity Log and Kusto Query Language (KQL) to hunt for common indicators of mailbox compromise, with useful tips along the way.
App management audit events are captured when changes are made to Entra registered and enterprise apps. Critical app management audit events should be closely monitored to ensure that permissions are used properly and attackers haven't attempted to penetrate the tenant to extract data. This article explains how to find and analyze audit data for some critical app management audit events and run the code as an Azure Automation runbook.
A new Set-MgDriveItemSensitivityLabel cmdlet makes it easier to assign sensitivity labels in PowerShell scripts. However, the cmdlet does not get around the restriction imposed by Microsoft on using metered APIs. Apps still must be registered as Azure resources before scripts can run the cmdlet. It's easy to understand why, even if it seems strange at first.
When administrators create new Entra ID apps, the apps don't have an owner unless an owner is explicitly assigned. The net result is that a tenant can end up with many ownerless apps. In this article, we explain how to find ownerless apps, and how to use audit data to find suitable owners for those apps. All done with PowerShell, of course.
