All posts tagged EntraID

Powershell with Entra CBA – unattended access to Defender portal when Graph API or Application permission does not fit

One of my previous posts covered a “basic” way to track secure score changes using Graph API with application permissions. While I still prefer application permissions (over service accounts) for unattended access to certain resources, sometimes it is not possible – for example when you want to access resources which are behind the Defender portal’s […]

How much time your users are wasting with “traditional” MFA?

Recently, I came across a post on LinkedIn which demonstrated that Passkey authentication is way faster than traditional Password+MFA notification login. It made me curious: how much time does it exactly take to do MFA? TL;DR– This report uses the SignInLogs table which needs to be configured in Diagnostic settings– Unfortunately I did not manage […]

Hunting for report-only (Microsoft-managed) Conditional Access impacts

Evaluating report-only Conditional Access impact is very straightforward when Entra ID logs are streamed to Log Analytics. Those who can’t have this feature enabled can still use the AADSignInEvents beta table in Defender to find some extra insights.