Evaluating report-only Conditional Access impact is very straightforward when Entra ID logs are streamed to Log Analytics. Those who can’t have this feature enabled can still use the AADSignInEvents beta table in Defender to find some extra insights.
Hunting for report-only (Microsoft-managed) Conditional Access impacts
https://f12.hu/2024/01/17/hunting-for-report-only-microsoft-managed-conditional-access-impacts/
SharePoint Online external file sharing report using Graph API and PowerShell
The story in short: one of my customers asked me if it is possible to generate a report on all content in Office365 shared externally. Doing some searches I found the following solutions:– Run the sharing reports on each site and each OneDrive (link, link)– Run reports based on audit logs (link) While these reports […]
https://f12.hu/2023/03/13/sharepoint-online-file-sharing-report-using-graph-api-and-powershell/
Monitor AzureAD App registration expiration with PowerShell (GraphAPI)
There are several methods for monitoring Azure AD App registration expiration (like PowerAutomate or Azure Logic Apps) but these methods require extra licences or an Azure subscription. The PowerShell way is free and it only requires a new registration in AzureAD. TL;DR The script:
https://f12.hu/2023/01/29/monitor-azuread-app-registration-expiration-with-powershell-graphapi/
Retrieve Bitlocker keys stored in AzureAD with PowerShell
Bitlocker keys can be stored in Active Directory and in Azure Active Directory too – but querying the latter is a bit trickier than usual. The following script will export all Bitlocker recovery keys (from your Azure Active Directory tenant) to an HTML table. TL;DR1. Ensure that you meet the following prerequisites: – you have […]
https://f12.hu/2020/11/11/retrieve-bitlocker-keys-stored-in-azuread-with-powershell/