MS GRAPH

Hi All,

I’ve released an updated Version of my Conditional Access HTML Export PowerShell Script on my GitHub Repo.

It’s always a Pain to document Conditional Access Policies. So i’ve forked and modified the Script from https://github.com/dougsbaker/CA-Export to match my needs.

Recently i saw the new “Network” Section in the Conditional Access Policies. I Like when the Sections match the HTML Output

• Users
• Target resources
• Network
• Conditions
• Grant
• Session

The Script requires the Microsoft.Graph PowerShell Modules and the following Permissions

Hi All,

A few Weeks ago Microsoft has announced the Permanent Deletion of mailbox items.

• Microsoft Graph APIs for permanent deletion of mailbox items now available

It’s relatively simple. Instead of the “DELETE” HTTP Method you use the “POST” Method and add “/permanentDelete” to the URI.

###############################################################################
#Delete
#https://learn.microsoft.com/en-us/graph/api/message-delete?view=graph-rest-1.0&tabs=http
###############################################################################
DELETE /users/{UserId}/messages/{MessageId}
DELETE /users/{UserId}/mailFolders/{mailFolderId}/messages/{MessageId}

###############################################################################
#Permanently Delete
#https://learn.microsoft.com/en-us/graph/api/message-permanentdelete?view=graph-rest-1.0&tabs=http
###############################################################################
POST /users/{UserId}/messages/{MessageId}/permanentDelete
POST /users/{UserId}/mailFolders/{mailFolderId}/messages/{MessageId}/permanentDelete

Time for me to test the Functionality.

Hi All,

A few Hors ago, Microsoft has released the Version 2.27.0 of Microsoft.Graph and Microsoft.Graph.Beta Modules.

• PowerShell Gallery Microsoft.Graph 2.27.0

• PowerShell Gallery Microsoft.Graph.Beta 2.27.0

Release Notes

• [v2] Weekly OpenApiDocs Refresh
• [v2] Examples Update
• Prevents automatic inference of properties with numeric characters defined as strings. e.g {“age”:“28”}"
• Fixes removal of boolean and empty Json object values from request body
• Task: Bootstrap acr-push pipeline by @Onokaev
• Adds aliases to avoid conflicting cmdlets calling the same Api path
• Adds Metadata for authentication module cmdlets
• Added directives to disable generation of invalid Service Announcement cmdlets
• Fix: Depend on previous stage by @Onokaev

Hi All,

In end of February Microsoft has Annouced a new way to control the EWS Usage in Exchange Online. This is in preparation for the Retirement of EWS in October 2026

• The way to control EWS usage in Exchange Online is changing.

Unlike other Settings, for Example SMTP Basic Authentication, the EWSEnabled Property in the Exchange Online Organization Configuration can no longer be overridden via Set-CASMailbox on a individual Level.

Hi All,

With the MC1011142 Message Center Post, Microsoft has announced the retirement of App Permissions for OneNote:

Effective March 31, 2025, we will retire support for authentication tokens with application permissions (app-only tokens) for MSGraph OneNote APIs. We will continue to support authentication tokens that have delegated permissions. While app-only tokens are easy to use, they may be more easily exploited compared to more sophisticated authorization methods. Requests to the Notes API endpoints using tokens with application permissions will return 401 unauthorized errors starting March 31, 2025.

Hi All,

A while ago, i did write an Azure Runbook that compares my Licenses every week.

• Keep Track of new ServicePlans in M365 Licenses

I’ve received an Email this Week, stating that there have been added some new Service Plans to the “Microsoft_365_Copilot” SKU.

In the M365 Admin Center it looks like this

Let’s check the Licenses with PowerShell

Connect-Graph -Scopes User.ReadWrite.All, Organization.Read.All -NoWelcome
Get-MgUserLicenseDetail -UserId a.bohren@icewolf.ch

Hi All,

A few Hors ago, Microsoft has released the Version 2.26.1 of Microsoft.Graph and Microsoft.Graph.Beta Modules.

• PowerShell Gallery Microsoft.Graph 2.26.1

• PowerShell Gallery Microsoft.Graph.Beta 2.26.1

Release Notes

• Roll back to .NET 6
  • Refresh Open Api file for Devices.CorporateManagement Module to generate missing cmdlets
• Ensures property values that have / are not modified to have them removed

I am using the new PSResourceGet here instead of the PowerShellGet commands.

Show installed Versions and what’s available in PowerShell Gallery

Hi All,

A few Hors ago, Microsoft has released the Version 2.26.0 of Microsoft.Graph and Microsoft.Graph.Beta Modules.

• PowerShell Gallery Microsoft.Graph 2.26.0

• PowerShell Gallery Microsoft.Graph.Beta 2.26.0

Release Notes

• Bumps versions for Azure.Identity, Azure.Identity.Broker and Microsoft.Graph.Core
• feat: add direct dependency on System.Text.Json
• Allow serialization of null valued properties
• [v2] Examples Update
• Re-enables generation of Get cmdlets for attack simulation
• Drop unsupported net 6 and net 7
• Updated examples for New-MgInvitaiton and New-MgBetaInvitation
• Removes invalid path. /security/attackSimulation
• Removes undocumented operations under /identityGovernance/privilegedAccess/group/assignmentSchedules/{privilegedAccessGroupAssignmentSchedule-id}
• Removes unnecessary response content for PATCH operation that returns http status code 204
• Removes undocumented path that returns http status code 404
• Ensures that cmdlets are correctly mapped to their respective modules
• Removes invalid path/teams/{team-id}/channels/{channel-id}/messages/$count
• Updates module mapping file to add missing tag tenantRelationships.tenantRelationship.Functions
• Updates module mapping file to add missing tag policies.deviceRegistrationPolicy
• Updates module mapping file to add missing tag me.authentication
• Removes undocumented patch operation for /sites/{site-id}/pages/{baseSitePage-id}
• Updates default output for MicrosoftGraphDirectoryObject model properties
• Adds -ObjectId parameter as an alias for -ApplicationId
• Regenerate missing cmdlets
• Removes invalid Remove-MgBetaEntitlementManagementAccessPackageAssignmentcmdlet

Hi All,

I am working with a customer on a M365 Onboarding. Bevore migrating Users to the Cloud, we want to make sure the Onboarding of the Microsoft Authenticator App is successful. I was tasked to figure out a way to find out the Users that have registered the Microsoft Authenticator App for MFA Authentication.

Enduser Portal

From a User Perspective you can see in the Security Information that there are registered two Microsoft Authenticators.

Hi All,

About two Weeks ago, Microsoft has announced the public preview of the Exchange Export-Import Graph API.

• Introducing the Microsoft Graph Export-Import APIs for Exchange in public preview

Many of our customers currently rely on APIs powered by Exchange Web Services (EWS) for tasks like Exchange mailbox backup, archiving and migration. However, with the EWS deprecation initiative, customers have been asking for a method built on the Microsoft Graph platform to discover mailbox items, selectively export them and then import these items into Exchange Online mailboxes.