All posts tagged Report

How much time your users are wasting with “traditional” MFA?

Recently, I came across a post on LinkedIn which demonstrated that Passkey authentication is way faster than traditional Password+MFA notification login. It made me curious: how much time does it exactly take to do MFA? TL;DR– This report uses the SignInLogs table which needs to be configured in Diagnostic settings– Unfortunately I did not manage […]

by on January 4, 2025  •  Permalink
Posted in AzureAD, Conditional Access, KQL
Tagged , , ,
Posted by Daniel Kovacs on January 4, 2025

https://f12.hu/2025/01/04/how-much-time-your-users-are-wasting-with-traditional-mfa/

Hunting for report-only (Microsoft-managed) Conditional Access impacts

Evaluating report-only Conditional Access impact is very straightforward when Entra ID logs are streamed to Log Analytics. Those who can’t have this feature enabled can still use the AADSignInEvents beta table in Defender to find some extra insights.

by on January 17, 2024  •  Permalink
Posted in AzureAD, Conditional Access, KQL
Tagged , , , ,
Posted by Daniel Kovacs on January 17, 2024

https://f12.hu/2024/01/17/hunting-for-report-only-microsoft-managed-conditional-access-impacts/

AzureAD App registrations – the “application” permission + credentials combination security nightmare

When talking about Azure AD security, we tend to put less focus on service principals/app registrations*. But when we take into consideration that these principals can have assigned API permissions and “static” credentials (certificate or password) and that these credentials in the wrong hands can cause serious damage, we may change our attitude.* While “App […]

by on May 6, 2023  •  Permalink
Posted in AzureAD, GraphAPI, PowerShell
Tagged , , , , ,
Posted by Daniel Kovacs on May 6, 2023

https://f12.hu/2023/05/06/azuread-app-registrations-the-application-permission-credentials-combination-security-nightmare/

SharePoint Online external file sharing report using Graph API and PowerShell

The story in short: one of my customers asked me if it is possible to generate a report on all content in Office365 shared externally. Doing some searches I found the following solutions:– Run the sharing reports on each site and each OneDrive (link, link)– Run reports based on audit logs (link) While these reports […]

No Comments
by on March 13, 2023  •  Permalink
Posted in AzureAD, GraphAPI, PowerShell, SharePoint Online
Tagged , ,
Posted by Daniel Kovacs on March 13, 2023

https://f12.hu/2023/03/13/sharepoint-online-file-sharing-report-using-graph-api-and-powershell/

Monitor AzureAD App registration expiration with PowerShell (GraphAPI)

There are several methods for monitoring Azure AD App registration expiration (like PowerAutomate or Azure Logic Apps) but these methods require extra licences or an Azure subscription. The PowerShell way is free and it only requires a new registration in AzureAD. TL;DR The script:

No Comments
by on January 29, 2023  •  Permalink
Posted in AzureAD, GraphAPI, PowerShell
Tagged , ,
Posted by Daniel Kovacs on January 29, 2023

https://f12.hu/2023/01/29/monitor-azuread-app-registration-expiration-with-powershell-graphapi/

Retrieve Bitlocker keys stored in AzureAD with PowerShell

Bitlocker keys can be stored in Active Directory and in Azure Active Directory too – but querying the latter is a bit trickier than usual. The following script will export all Bitlocker recovery keys (from your Azure Active Directory tenant) to an HTML table. TL;DR1. Ensure that you meet the following prerequisites: – you have […]

No Comments
by on November 11, 2020  •  Permalink
Posted in AzureAD, Bitlocker, PowerShell
Tagged , , ,
Posted by Daniel Kovacs on November 11, 2020

https://f12.hu/2020/11/11/retrieve-bitlocker-keys-stored-in-azuread-with-powershell/