AndrewCZ

@andrewztrhgf

Enthusiast of PowerShell automation https://doitpshway.com/ https://github.com/ztrhgf

19 Followers, 82 Following, 17 Posts, Joined 20.11.2024

Latest posts by AndrewCZ @andrewztrhgf

Side note...

If you are using the Teams webhook with Microsoft's Verified ID Helpdesk sample, you should not trust any of the notifications you receive 😬

Unfortunately, everything is exposed to and sent by the client with no validation that user verification was performed :(

15.08.2025 01:20 👍 4 🔁 2 💬 0 📌 0
Mobile Device Management Options Disappear from OWA Microsoft plans to remove the ability of users to perform mobile device management (for their devices) from the OWA and new Outlook for Windows clients.

I'm not sure if many use the mobile device management features in OWA and the new #Outlook, but if you do, Microsoft is about to remove this facility from client settings. Mobile device management through EAC remains unchanged.
office365itpros.com/2025/08/15/m...
#Microsoft365

15.08.2025 09:07 👍 2 🔁 1 💬 0 📌 0
Master Log Tiering With Microsoft Sentinel Data Lake Microsoft Sentinel has evolved from a cloud-native SIEM into a modern security data lake platform that enables organizations to ingest, retain, and analyze massive volumes of log data without compromising on cost or coverage. Traditional SIEMs forced security teams to make painful tradeoffs – either limit logging and retention (leaving blind spots) or pay exorbitant costs to store everything. Sentinel’s new data lake…

🚀 New Blog: Master Log Tiering with Microsoft Sentinel Data Lake 🚀

🛡️ Microsoft Sentinel’s modern security data lake is a game-changer for SOC teams, CISOs, and security architects. In this article, I break down:

📌 Unified Data Management — onboarding all your security data across clouds and…

15.08.2025 14:05 👍 2 🔁 1 💬 0 📌 0
Detect threats using GraphAPIAuditEvents - Part 3 For a long time now, defenders had the ability to monitor behavior of human- and workload identities in Entra tenants not only through AuditLogs but with high level of insight with the MicrosoftGraphA...

Two years ago I published a two part series on #MSGraph logs and how to use them for threat hunting.

Now comes part 3 and the logs are finally available to the masses.

#EntraID #KQL #Security

cloudbrothers.info/en/detect-th...

15.08.2025 15:56 👍 4 🔁 1 💬 0 📌 0

📢 Breaking changes: Guest billing for Entra ID Governance

I haven't seen any announcements on this and guidance is extremely lacking, so Joe Stocker gave me time to create a script to help everyone assess costs early :)

I would love your feedback!
github.com/nathanmcnult...

23.07.2025 23:21 👍 8 🔁 6 💬 1 📌 1
How to use Microsoft Graph Api Batching to speed up your scripts Graph Api batching is a great way to dramatically improve the performance of your Graph API-related scripts. It enables parallel execution of up to 20 Graph API calls, which is fantastic, but there is one tiny little problem. You have to write your o...

I have rewritten Get-IntunePolicy using graph api batching (Invoke-GraphBatchRequest from my MSGraphStuff module) and now it returns all our Intune policies in just 11 seconds instead of 50! Check doitpshway.com/how-to-use-m... for more details.

#powershell #graph #MSIntune

23.07.2025 14:57 👍 2 🔁 0 💬 0 📌 0

DLL conflicts between AZ and Graph SDK auth modules. To avoid this you need to import the modules in the correct order plus have versions that can work together. It's awful.

22.07.2025 04:30 👍 1 🔁 0 💬 2 📌 0

What about Az? That's the real pain mostly.

21.07.2025 20:45 👍 0 🔁 0 💬 2 📌 0
OSINT Entra ID Open Source Intelligence tool

Struggling to find a caller by object ID in AzureActivity in your directory? It may be from another directory.

Check the claims field, the tenant ID is contained within the claim and you can use something like aadinternals.com/osint/ to find out which tenant the caller is from.

02.07.2025 10:33 👍 1 🔁 1 💬 0 📌 0

Basically, if I take the code, it can be used to back up our Sentinel settings (after some modification of course)?

26.06.2025 04:48 👍 1 🔁 0 💬 0 📌 0
GitHub - mystak23/Sentinel_DevOpsConnection: This repository contains a script for automatic MicrosoftSentinel - AzureDevOps connection. This repository contains a script for automatic MicrosoftSentinel - AzureDevOps connection. - mystak23/Sentinel_DevOpsConnection

Sentinel DevOps Connection - This script creates the new Azure DevOps repository with Microsoft Sentinel code content. github.com/mystak23/...

#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #DefenderXDR

25.06.2025 15:45 👍 1 🔁 1 💬 1 📌 0

I have not run a lot of tests, but in general batching was faster for me (probably because of parallel overhead)

05.06.2025 12:06 👍 0 🔁 0 💬 0 📌 0

I am a little bit surprised you didn't show graph batching which is much faster 🤔

05.06.2025 04:20 👍 0 🔁 0 💬 1 📌 0

Ever wonder exactly what Defender AV settings are configured and where they got those settings from?

This new feature in Defender for Endpoint shows the effective configuration and the source the settings came from

Very helpful for troubleshooting :)

learn.microsoft.com/...

29.05.2025 04:35 👍 13 🔁 2 💬 0 📌 0

Sure. It's a reappearing issue that won't be solved without coordination between the teams that create those modules, though.

16.05.2025 05:22 👍 0 🔁 0 💬 1 📌 0
Automatically deploy Windows drivers on Patch Tuesday | Peter Klapwijk - In The Cloud 24-7 Automatically deploy drivers for Windows devices on Patch Tuesday to avoid unneeded reboots.

It was Patch Tuesday this week, time to align the driver deployment with the monthly patch Tuesday!

#Windows #WindowsUpdate #MsIntune #Automation

inthecloud247.com/automaticall...

15.05.2025 06:34 👍 3 🔁 1 💬 0 📌 0

With every SDK release they should state which version of the AZ modules it is compatible with (doesn't have DLL conflicts). Otherwise I stay on the 2.25 🙂

15.05.2025 17:22 👍 0 🔁 0 💬 1 📌 0
CI/CD Implementation for Azure Sentinel Using Terraform | Microsoft Community Hub As cyber threats become increasingly sophisticated, security teams must adopt scalable and repeatable practices to maintain a robust defense posture. Azure...

CI/CD Implementation for Azure Sentinel Using Terraform techcommunity.micros...

#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #DefenderXDR

15.05.2025 16:46 👍 1 🔁 1 💬 0 📌 0

One of the questions during our #MSGraph sessions at @mmsmoa.bsky.social was around filtering. Highly recommend checking out @merill.net’s blog post for a deeper dive and fantastic visuals

merill.net/2024/07/prop...

#PowerShell #MMSMOA

09.05.2025 21:40 👍 28 🔁 6 💬 4 📌 0
PowerShell 7.5 GA is now available - PowerShell Team We’re pleased to announce the release of PowerShell 7.5.0! For this release the focus has been on quality, security and stability of the platform. We greatly appreciate the enormous amount of communit...

Psh Core 7.5 has this sorted btw

devblogs.microsoft.com/powershell/a...

10.05.2025 09:45 👍 4 🔁 0 💬 1 📌 0
New version of EntraFIDOFinder is out now Now with over 15 new keys! It was a little slow last month, but this month they made up with adding 6 new Vendors too. For the module, most of the enhancements were on the backend, where I created …

NEW keys added to EntraFIDOFinder #PowerShell module - check out the blog post clatent.com/2025/05/new-...

05.05.2025 10:59 👍 3 🔁 1 💬 0 📌 0
Azure X-Ray - Microsoft Edge Addons Make Microsoft Edge your own with extensions that help you personalize the browser and be more productive.

I made an Azure version
microsoftedge.microsoft.com/addons/detai...

27.04.2025 02:35 👍 10 🔁 4 💬 1 📌 1
Introducing ActorInfoString: A New Era of Audit Log Accuracy in Exchange Online | Microsoft Community Hub How ActorInfoString Elevates Security and Transparency We’re excited to introduce ActorInfoString, a significant new feature...

Introducing ActorInfoString: A New Era of Audit Log Accuracy in Exchange Online techcommunity.micros...

#Security #MicrosoftSecurity #Cybersecurity #SFI #SecureFutureInitiative

25.04.2025 19:59 👍 1 🔁 1 💬 0 📌 0

Not seeing out-gridview getting fixed? 🙁

26.04.2025 06:00 👍 0 🔁 0 💬 0 📌 0
Linking to page aka.ms/GetMicrosoftAuthenticator

🚨 PSA: FAKE Microsoft Authenticator apps are flooding the App Store & Play Store! ⚠️

Protect your users!

ONLY send them to the official download link 👇

Bookmark this! Update your user guides & intranet NOW. RT to spread the word!

#CyberSecurity #MFA

🧵↓

22.04.2025 09:00 👍 14 🔁 8 💬 2 📌 3
Comprehensive Guide to Configuring Advanced Auditing This post provides everything you need to ensure Advanced Auditing is fully configured and auditing everything we possibly can for both existing and new users. I recently shared guidance for this via social media (see below), and it felt like a perfect time to revisit my previous posts and combine everything into one comprehensive guide :) You likely aren't collecting all available events to the Unified Audit Log First, not all events are enabled or retained optimally. Consider creating this policy in the Purview portal (leave users and record types blank to collect everything). Retention is based on license... pic.twitter.com/IEKKfrkpI8

Most Microsoft tenants do not have Advanced Auditing configured correctly, and orgs only find out after it is too late :(

I tried really hard to make this as short and simple as possible. Please be nice to your IR folks and set this up, it's important ;)

nathanmcnulty.com/bl...

16.04.2025 05:13 👍 34 🔁 10 💬 2 📌 0
Microsoft Attempts to Fix Microsoft Graph PowerShell SDK V2.26 and V2.26.1 of the Microsoft Graph PowerShell SDK were low-quality, buggy disasters. Microsoft aims to fix the problem in the next version.

Microsoft attempts to fix the problem with V2.26.1 of the Graph #PowerShell SDK and Azure Automation. This is the kind of issue that should never have appeared in public. Sad to see vital components abused.
office365itpros.com/2025/04/14/m...
#Microsoft365

14.04.2025 09:42 👍 3 🔁 1 💬 2 📌 0

100% true.

I would add other incompatibilities like with the AZ auth module and that it requires you to authenticate in the correct order 🙂

15.04.2025 04:44 👍 0 🔁 0 💬 1 📌 0
Recover Admin Account with Entra Break Glass Access Application Learn how to configure break glass access application in Entra ID to recover admin accounts from the lockouts.

I've been mulling over this concept of a break glass application in Entra, and thought I'd share some important notes for anyone that might be considering it

For reference, here's the article:
blog.admindroid.com/...

Short thread, but my primary concern is privilege escalation

11.04.2025 03:42 👍 11 🔁 2 💬 3 📌 0

So, uhh, this seems like something that is highly abusable that I bet almost nobody is monitoring for... :-/

learn.microsoft.com/...

08.04.2025 05:24 👍 19 🔁 3 💬 3 📌 0