darrenjrobinson – Bespoke Identity and Access Management Solutions
Enterprise Microsoft and SailPoint Identity & Access Management Architect
Today, I’m super excited to finally announce the Beta release of EntraPulse Lite – a passion project I’ve been building over the last few months. EntraPulse is a desktop application that transforms how you interact with your Entra Tenant and understand Entra with Microsoft Docs and Learn.
I’m excited to share some significant authentication enhancements I’ve contributed to the Lokka MCP Server for Microsoft Graph. These updates, detailed in this pull request and on NPM make an already excellent tool even more versatile.
First and foremost, a massive shout-out to Merill Fernando, the original author of Lokka MCP.… keep reading
Last week inspired by Satya Nadella’s Microsoft Ignite Keynote I looked into the possiblity of creating an AI Agent for Entra ID. More specifically if I could create my own Entra ID AI Agent using PowerShell. The image below is what I had in mind.… keep reading
Previously I have written a number of posts on interacting with Azure AD using the Microsoft Authentication Libraries (MSAL) and Python. This page here lists those posts along with a series using PowerShell. The Python related posts also detail decoding Azure AD access tokens with Python to determine when the access token will expire.… keep reading
I’ve authored numerous posts on using the Microsoft Authentication Libraries to connect to Microsoft Graph using PowerShell and Python. They cover using both public and confidential client methods. But what about a method that can be either? In this post I show how to use the Authorization Code with PKCE Flow and PowerShell to authenticate and authorize against Azure Active Directory for Microsoft Graph access.… keep reading
Proof Key for Code Exchange (PKCE) is a mechanism often used with an OAuth2 Authorization Code Grant flow to provide an enhanced level of security when authenticating to an Identity Provider such as Microsoft Graph to get an access token. In order to use PKCE a code_verifier is generated along with a code_challenge.… keep reading
Registering Microsoft Graph applications using the Azure Portal and assigning API Permissions is trivial. When you are automating that process though rather than choosing API permissions using the Azure Portal Application Registration UI, you need to know the Microsoft Graph Permission Scope IDs.… keep reading
Previously I’ve written about using MSAL and PowerShell with Application Permissions and Client Credentials and Certificate based authentication. Also with Delegated Permissions and Device Code flow authentication. The one I haven’t written a post on is performing interactive authentication to Microsoft Graph using MSAL with PowerShell and Delegated Permissions.… keep reading
Earlier this year I wrote this post on Microsoft Graph using MSAL with Python and Delegated Permissions. That post used the Device Code flow which was valid for the particular scenario I had at that time. This post whilst also using delegated permissions and MSAL with Python uses Interactive Flow.… keep reading
Which Azure AD Tenants is my user account federated too? More specifically, in which Azure Active Directory Tenants do I have an Azure Active Directory B2B Guest Account? Is there a way I can quickly get an Azure AD User Account Federation Report?… keep reading