The OAuth Token Flow and Token Theft
Understanding the OAuth Token Flow and the risk of Token Theft.
Posts by Category
- azure-ad 9
- scripts 5
- microsoft-graph 2
- exchange-online 2
- aad-connect 1
- identity-provisioning 1
- group-writeback 1
- b2c 1
azure-ad
Scoping Azure AD Roles with Administrative Units
In Azure AD, an Administrative Unit is a collection of Users, Groups and Devices. These groupings provide a means to apply granular control in the assignment...
Granting Background App Services, Daemons and Scripts Delegated Permissions for Microsoft Graph
Background services, daemons and scripts interacting with Microsoft Graph are commonly configured to acquire Application level permissions. Application admin...
B2C Federating to a Single Azure AD Tenant
A B2C tenant that federates back to single Azure AD tenant supporting Members, Guests (B2B) and Customers (or Consumers).
Azure AD Group Writeback to On-Premises AD
Using the Azure AD Connect Group Writeback feature to synchronise cloud groups to on-premises.
Azure AD On-Premises Application Identity Provisioning
Azure AD Application Identity Provisioning to On-Premise Applications that lack SCIM support.
Azure AD Tenant Migration and Consolidation
A series of high-level steps for migrating an Azure AD O365 tenant with its users and data.
Analysing Application and Service Principal Objects
Analysing Application and Service Principal objects.
AD FS Authentication with Azure AD
A means of enabling and disabling AD FS federation on an Azure AD custom domain name.
scripts
Using PowerShell to Create HTML Emails
Using PS and the .Net MailMessage class to create rich content html emails with embedded images and attachments for services like AWS SES and SendGrid.
Preconfiguring Authentication Methods for SSPR
Empower newly onboarded users to utilise SSPR without needing to contact the IT Service Desk to set their first password.
Calling Microsoft Graph via PowerShell
Microsoft Graph using the Invoke-RestMethod
Using MSAL.NET with PowerShell
Example use of the PowerShell MSAL module.
Generating Random Passwords
Creating a random password string using only PowerShell and .NET.
microsoft-graph
Granting Background App Services, Daemons and Scripts Delegated Permissions for Microsoft Graph
Background services, daemons and scripts interacting with Microsoft Graph are commonly configured to acquire Application level permissions. Application admin...
Microsoft Graph Audit Log Filters
A series of useful audit filters that may be used against the Microsoft Graph auditLogs endpoint.
exchange-online
Setting Mailbox Localisation in O365
A method to set mailbox regional configuration.
Increasing the O365 Email Size Limit
A method to increase the maximum receive sizelimit on a specific mailbox
aad-connect
AAD Connect and the ImmutableId
How AAD Connect and the ImmutableID attribute are related.
identity-provisioning
Azure AD On-Premises Application Identity Provisioning
Azure AD Application Identity Provisioning to On-Premise Applications that lack SCIM support.
group-writeback
Azure AD Group Writeback to On-Premises AD
Using the Azure AD Connect Group Writeback feature to synchronise cloud groups to on-premises.
b2c
B2C Federating to a Single Azure AD Tenant
A B2C tenant that federates back to single Azure AD tenant supporting Members, Guests (B2B) and Customers (or Consumers).