AzureAD Archives - darrenjrobinson - Bespoke Identity and Access Management Solutions

December 22, 2021December 21, 2021

Connecting to Microsoft Graph using the Authorization Code with PKCE Flow and PowerShell

I’ve authored numerous posts on using the Microsoft Authentication Libraries to connect to Microsoft Graph using PowerShell and Python. They cover using both public and confidential client methods. But what about a method that can be either? In this post I show how to use the Authorization Code with PKCE Flow and PowerShell to authenticate and authorize against Azure Active Directory for Microsoft Graph access.… keep reading

December 21, 2021December 22, 2021

Generating PKCE codes with PowerShell

Proof Key for Code Exchange (PKCE) is a mechanism often used with an OAuth2 Authorization Code Grant flow to provide an enhanced level of security when authenticating to an Identity Provider such as Microsoft Graph to get an access token. In order to use PKCE a code_verifier is generated along with a code_challenge.… keep reading

October 7, 2021October 7, 2021

What does your Azure AD FIDO2 Passwordless Credential look like?

I’m curious. I often think, how does that work? Or why does it behave like that? We are well into the journey towards Passwordless adoption and I’ve spoken and posted about aspects of it before. Always a good place to start are the standards.… keep reading

July 14, 2021July 15, 2021

Azure AD User Account Federation Report

Which Azure AD Tenants is my user account federated too? More specifically, in which Azure Active Directory Tenants do I have an Azure Active Directory B2B Guest Account? Is there a way I can quickly get an Azure AD User Account Federation Report?… keep reading

June 15, 2021June 14, 2021

PowerShell Snippets Vol 4

Welcome to my PowerShell Snippets Vol 4. A collection of PowerShell commands for tasks that I don’t perform often and can’t recall easily from memory. Those ‘I know I’ve worked this out before’ type moments. Volume 1 is available here, Volume 2 is available here and Volume 3 is available here.… keep reading

June 2, 2021June 2, 2021

Subscribing to Azure AD Change Notifications with PowerShell

Microsoft Graph webhooks or the ability to receive an Azure AD Change Notification has been around for some time. However, as I primarily deal with Azure AD for user and group objects I never previously had the need to utilize them.… keep reading

May 19, 2021May 19, 2021

Azure AD and Microsoft Office365 Deep Links and Sign In URLs

Accessing Microsoft Office365, the Azure Portal, and the plethora of services we integrate with Azure Active Directory is for the most part seamless, especially when you only need to access a single tenant. However, it is 2021, and collaboration across tenants is the new normal.… keep reading

March 4, 2021March 4, 2021

Azure AD Authentication Methods Summary Reports using Microsoft Graph and PowerShell

Recently I wrote about reporting on individual Azure AD Users Authentication Methods using Microsoft Graph and PowerShell. Whilst this is great at a user level, Azure AD Authentication Methods Summary Reports at an organization level are often requested by IT Management.… keep reading

February 24, 2021August 25, 2021

Finding Stale Azure AD B2B Guest Accounts based on lastSignInDateTime

Collaboration between Azure Active Directory tenants typically involves Azure AD Guest accounts. After a few years, the proliferation of ‘Guest’ accounts usually becomes a focus, especially for larger tenants. As Azure AD has matured the meta data associated with accounts, along with Microsoft Graph improvements is making it easier to define and locate stale Azure AD B2B Guest Accounts.… keep reading

February 17, 2021February 17, 2021

Reporting on Users’ Azure AD Authentication Methods using Microsoft Graph and PowerShell

Reporting on users’ registered Azure AD Authentication methods is a more common request from enterprise security teams recently with the advance of Passwordless Authentication. In mid 2020 Microsoft added the ability to report on Azure AD Authentication Methods using Microsoft Graph, however ONLY with Delegated Microsoft Graph permissions.… keep reading