Tag: Azure AD

Converting output from a NoSql database to joined and structured CSV in Powershell

I was tasked to export data from Microsoft Graph about users to CSV in order to build reports in Qlickview. The problem I had was that the user object in Microsoft Graph are polymorphic, meaning that the output we get are not required to have the same properties for each of the user object we…



Securing Onedrive – Cleaning up unwanted sharing permissions

OneDrive for Business is great! The administration tools provided is not! If you’re still reading you might agree with me when I say that Sharepoint Online admin center is far from the best experience when administrating anything related to OneDrive. Luckily we have access to everything we might need using the OneDrive REST API, a…



Discover users running Legacy Authentication and why you need to disable it

Are you running Exchange Online and still allow Basic Authentication (a.k.a. Legacy Authentication) for all users and not running MFA? Then you’re extremely exposed to attacks. Microsoft has announced the blocking of this on 13 Oct 2020 but the biggest problem is that you probably will get (and possibly already have been) breached because of…



Azure Active Directory Authentication with Open VPN

Until recent you could connect to your VNet in Azure with certificate-based or RADIUS authentication but now Microsoft Azure support native Azure Active Directory authentication with Open VPN protocol. Azure AD integration with Open VPN enables user-based policies, multi-factor authentication (MFA) together with conditional access for P2S VPN. In order for Azure AD authentication to…



Powershell in the Cloud – Part 1 – Azure Automation – Managing your Infrastructure from the Cloud

I recently held a talk about Powershell in the Cloud in Powershell User Group Sweden, this 3 part series is an attempt to refine and expand on that talk. The series will focus on the functionality rather than the code behind it as I want the content to be accessible for not anyone, whether you…



Azure AD authentication methods, MFA and SSPR insights and reports

We’ve been rolling out MFA (Multi-Factor authentication) and SSPR (Self-Service Password Reset) for many customers last couple of years. It often takes time and requires preparations but done right it will succeed and once finished they users get used to it just as they get used logging in using MFA to their bank. During the…



Granting permissions for single users to Azure AD connector in Flow and PowerApps

The Flow and PowerApps connector for Azure AD is great when you want to build an app that read and writes to Azure AD. Or to automate Azure AD tasks like editing groups or users. However, I quickly noticed that the user that wanted to use this connector in Flow was met by the following…



Office Cloud Policy Service – Preview Feature

Earlier this year Microsoft announced a new cloud based service that allows administrators to create and manage policies for Office ProPlus users in your tenant, this service is called “Office Cloud Policy Service” or “OCPS” for short. These policies are created and managed via an internet based portal and are then enforced upon members of…



New baseline policies available in Conditional Access

Last week Microsoft starting to rollout three new baseline policies in Conditional Access. Baseline policy: Block legacy authentication (Preview) Baseline policy: Require MFA for Service Management (Preview) Baseline policy: End user protection (Preview) Baseline Policy in Conditional Access are part of Baseline Protection in Azure Active Directory (Azure AD) and the goal of these policies…



Querying Microsoft Graph with Powershell, the easy way

Edit: There is now a Github page for this project https://github.com/Freakling/Powershell-MicrosoftGraphAPI Microsoft Graph is a very powerful tool to query organization data, and it’s also really easy to do using Graph explorer but it’s not built for automation. While the concept I’m presenting in this blogpost isn’t something entirely new, I believe my take on it…