RT @0gis0
return(GiS); | Invitar a usuarios externos a un tenant de Azure AD a través de Microsoft Graph y Azure CLI | https://www.returngis.net/2023/04/invitar-a-usuarios-externos-a-un-tenant-de-azure-ad-a-traves-de-microsoft-graph-y-azure-cli/ #azuread #msgraph #azurecli

return(GiS); | Invitar a usuarios externos a un tenant de Azure AD a través de Microsoft Graph y Azure CLI | https://www.returngis.net/2023/04/invitar-a-usuarios-externos-a-un-tenant-de-azure-ad-a-traves-de-microsoft-graph-y-azure-cli/ #azuread #msgraph #azurecli

Develop Applications that use Sites.Selected permissions for SPO sites. #sharepoint #msgraph https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/develop-applications-that-use-sites-selected-permissions-for-spo/ba-p/3790476

Do you also want the possibility to request a #aad group membership via #Microsoft #Graph API?

E.g. to improve Self-Service possibilities for #M365 and #security Groups?

Then please support my feature request:
https://feedbackportal.microsoft.com/feedback/idea/2502cd1a-45ad-ed11-a81b-000d3a0450e3

#AzureAD #AAD #GraphAPI #Microsoft365 #MSGraph #MSFT #microsoftazure #Identity

I've been pointed at this marvellous thread on twitter that has a number of tips and tricks for anyone that uses the #MSGraph APIs, and especially the #GraphExplorer.

https://twitter.com/merill/status/1620266772707573760

My favourite tip from that list? The existence of https://cmd.ms which is a bunch of url shortcuts that are handy for when you need to operate with #Azure, MS 365 and Graph.

h/t @dubiousblur

Revamping MSOL
AzureAD
old scripts? Check this page to find out the latest and greatest #Powershell #MSGraph cmdlets that replace MSOL ones https://bit.ly/3Cv9KLF #Devops #Scripting

Microsoft Graph PowerShell v2 is now in public preview, half the size, and will speed up your automations https://devblogs.microsoft.com/microsoft365dev/microsoft-graph-powershell-v2-is-now-in-public-preview-half-the-size-and-will-speed-up-your-automations/ #powershell #msgraph #microsoft365

@cnotin @wald0 @DrAzureAD @dirkjanm service principals can be assigned Azure AD RBAC Roles.

• https://learn.microsoft.com/en-us/azure/active-directory/develop/permissions-consent-overview#types-of-permissions

• you can even use access reviews on service principals for them https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/introducing-azure-ad-access-reviews-for-service-principals/ba-p/1942488

Or perhaps you want to limit the resource scope of the SP and only give it the ability to manage a limited set of groups or users, you can assign the role to the SP via an administrative unit https://learn.microsoft.com/en-us/azure/active-directory/roles/admin-units-assign-roles#security-principals-that-can-be-assigned-with-administrative-unit-scope

See the point about directory readers too https://learn.microsoft.com/en-us/azure/active-directory/roles/admin-units-assign-roles#service-principals-and-guest-users

• Also be aware of the guidance in the security operations guide for applications https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-applications

#azuread #msgraph #security

Fyi @merill @markmorow

#AzureAD #MSGraph I'm surprised to get access denied errors with some APIs even though my service principal is Global Admin (and more). It works fine if I add some API permissions to the SP, but I thought that having the role was enough (which is the case for most endpoints)...
Same with "/beta/identity/identityProviders" and "/beta/roleManagement/entitlementManagement/roleDefinitions" for example. Same with v1.0 endpoints (when they exist).
Did you already notice this @wald0 @DrAzureAD @dirkjanm?

@Yogi77 no way directly in Outlook. you can try https://devblogs.microsoft.com/scripting/use-powershell-to-data-mine-your-outlook-sent-items/ or #msgraph command https://graph.microsoft.com/v1.0/me/messages and filter JSON response