Update Entra ID Device Extension Attributes via PowerShell & Create Dynamic Security Groups.
2) Overview of Extension Attributes and Updating via PowerShell What Are Extension Attributes? Extension attributes (1–15) are predefined string fields available on Entra ID device objects. They are exposed to Microsoft Graph as the extensionAttributes property. These attributes can store custom values like department, environment tags (e.g., Prod, Dev), or ownership details. Why Use Them? Dynamic Group Membership: Use extension attributes in membership rules for security or Microsoft 365 groups. Policy Targeting: Apply Defender for Endpoint (MDE) policies, Conditional Access or Intune policies to devices based on custom tags. For details on configuration of the policies refer below documentation links. https://learn.microsoft.com/en-us/defender-endpoint/manage-security-policies https://learn.microsoft.com/en-us/intune/intune-service/ https://learn.microsoft.com/en-us/entra/identity/conditional-access/ Updating Extension Attributes via PowerShell and Graph API Use Microsoft Graph PowerShell to authenticate and update device properties. Required permission: “Device.ReadWrite.All”. 3) Using PowerShell to Update Extension Attributes create app registration in Entra ID with permissions Device.ReadWriteall and Grant admin Consent. Register an app How to register an app in Microsoft Entra ID - Microsoft identity platform | Microsoft Learn Graph API permissions Reference. For updating Entra ID device properties you need “Device.ReadWrite.all” permission and Intune administrator role to run the script. Microsoft Graph permissions reference - Microsoft Graph | Microsoft Learn Below is the script Important things to note and update the script with your custom values. a) update the path of the excel file in the script. column header is 'DeviceName' Note: You may want to use CSV instead of excel file if Excel is not available on the admin workstation running this process. b) update the credential details - tenantId,clientId & clientSecret in the script. Client id and client secret are created as a part of app registration. c) update the Externsionattribute and value in the script. This is the value of the extension attribute you want to use in dynamic membership rule creation. ___________________________________________________________________________ #Acquire token $tenantId = "xxxxxxxxxxxxxxxxxxxxx" $clientId = "xxxxxxxxxxxxxxxx" $clientSecret = "xxxxxxxxxxxxxxxxxxxx" $excelFilePath = "C:\Temp\devices.xlsx" # Update with actual path $tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/ $tenantId/oauth2/v2.0/token" -Method POST -Body $tokenBody $accessToken = $tokenResponse.access_token # Import Excel module and read device names Import-Module ImportExcel $deviceList = Import-Excel -Path $excelFilePath foreach ($device in $deviceList) { $deviceName = $device.DeviceName # Assumes column header is 'DeviceName' Get device ID by name $headers = @{ "Authorization" = "Bearer $accessToken"} $deviceLookupUri = "https://graph.microsoft.com/beta/devices?`$filter=displayName eq '$deviceName'" try { $deviceResponse = Invoke-RestMethod -Uri $deviceLookupUri -Headers $headers -Method GET } catch { Write-Host "Error querying device: $deviceName - $_" continue } if ($null -eq $deviceResponse.value -or $deviceResponse.value.Count -eq 0) { Write-Host "Device not found: $deviceName" continue } $deviceId = $deviceResponse.value[0].id # Prepare PATCH request $uri = "https://graph.microsoft.com/beta/devices/$deviceId" $headers["Content-Type"] = "application/json" $body = @{ extensionAttributes = @{ extensionAttribute6 = "MDE" } } | ConvertTo-Json -Depth 3 try { $response = Invoke-RestMethod -Uri $uri -Method Patch -Headers $headers -Body $body Write-Host "Updated device: $deviceName"} catch { Write-Host "Failed to update device: $deviceName - $_" } } Write-Host "Script execution completed." ________________________________________________________________________________________________________________________ Here’s a simple summary of what the script does: Gets an access token from Microsoft Entra ID using the app’s tenant ID, client ID, and client secret (OAuth 2.0 client credentials flow). Reads an Excel file (update the path in $excelFilePath, and ensure the column header is DeviceName) to get a list of device names. Loops through each device name from the Excel file: Calls Microsoft Graph API to find the device ID by its display name. If the device is found, sends a PATCH request to Microsoft Graph to update extensionAttribute6 with the value "MDE". Logs the result for each device (success or failure) and prints messages to the console. 4) Using Extension Attributes in Dynamic Device Groups Once extension attributes are set, you can create a dynamic security group in Entra ID: Go to Microsoft Entra admin center → Groups → New group. Select Security as the group type and choose Dynamic Device membership. Add a membership rule, for example: (device.extensionAttributes.extensionAttribute6 -eq "MDE") 4. Save the group. Devices with extensionAttribute6 = MDE will automatically join. 5) Summary Extension attributes in Entra ID allow custom tagging of devices for automation and policy targeting. You can update these attributes using Microsoft Graph PowerShell. These attributes can be used in dynamic device group rules, enabling granular MDE policies, Conditional Access and Intune deployments. Disclaimer This script is provided "as-is" without any warranties or guarantees. It is intended for educational and informational purposes only. Microsoft and the author assume no responsibility for any issues that may arise from the use or misuse of this script. Before deploying in a production environment, thoroughly test the script in a controlled setting and review it for compliance with your organization's security and operational policies.MAC - Importing Legacy POP On My Computer data
The end is nigh for Legacy thus I did the switch as a test knowing I could still revert. Background: I have long time POP account. In the UBF8T346G9.Office, Outlook, Outlook 15 Profiles, Main Profile: Data folder: 159 GB. Largest folders: Message Attachments: 90 GB Message Sources: 65 GB Messages: 5 GB Before I switching I tried: Export Data to OLM – don't have enough room Delete attachments from multiple emails – can only do one email at a time. Rules can't help After switch it began importing On My Computer data which was hopeful, but it held at 141498 items, and would take days I read. I reverted back to Legacy and will go another way about it when I have a few off days. My question: Apart from deleting years of emails, what's a better way to get the most data out of Legacy, and/or speeding up the import? Get another drive and Export Data to OLM, then manually import? Delete attachment folders directly from Message Attachments folder? Find something like Clean my Mac? ?? Perfect world I get all my in out mail with whatever attachments remain and Calendar data, but I'll take what I can get at this point. Appreciated!AZ-500: Microsoft Azure Security Technologies Study Guide
The AZ-500 certification provides professionals with the skills and knowledge needed to secure Azure infrastructure, services, and data. The exam covers identity and access management, data protection, platform security, and governance in Azure. Learners can prepare for the exam with Microsoft's self-paced curriculum, instructor-led course, and documentation. The certification measures the learner’s knowledge of managing, monitoring, and implementing security for resources in Azure, multi-cloud, and hybrid environments. Azure Firewall, Key Vault, and Azure Active Directory are some of the topics covered in the exam.
1000 Free Udemy Coupons on Microsoft Power Automate With AI Builder
<<BAKRI ID(Id-ul-Ad'ha) -- 1000 FREE UDEMY COUPONS ON RPA>> On the Occasion of BAKRI ID(Id-ul-Ad'ha), I am very happy to share 1000 Free udemy coupons on Microsoft Power Automate With AI Builder Title : Advanced RPA - Microsoft Power Automate With AI Builder https://www.udemy.com/course/microsoft-power-automate-with-ai-builder/?couponCode=LT-BAKRID <<Our other courses on Udemy and Udemy Business>> Title : PL-500 Microsoft Power Automate RPA Developer BootCamp Link: https://www.udemy.com/course/pl-500-microsoft-power-automate-rpa-developer-bootcamp/?referralCode=891491BAB7F20B865EE6 Title 1: Become RPA Master in MS Power Automate Desktop https://www.udemy.com/course/microsoft-power-automate-desktop-tutorials-for-beginners/?referralCode=03D49B549EE2193E79EE Title 2: RPA : Microsoft Power Automate Desktop - Zero to Expert : 2 https://www.udemy.com/course/microsoft-power-automate-desktop-course-zero-to-expert-2/?referralCode=783F39A1D0CDB4A70A7C Title 3: RPA:Microsoft Power Automate Desktop:Intelligent Automation https://www.udemy.com/course/power-automate-desktop-course-intelligent-automation/?referralCode=E8C51F3C27EA98FE100C Connect with me on LinkedIn : https://www.linkedin.com/in/ameer-basha-p-b44880262/ Youtube Channel : www.youtube.com/learningtechnologies
Outlook IMAP in PHP
I'm trying to retrieve inbox mail using IMAP, but I'm encountering the following error. I've attached the code and error details below. Please advise. $imapServer = "{outlook.office365.com:993/imap/ssl/novalidate-cert}INBOX"; $username = '*************'; $password = '*************'; // Use an App Password for security $imapStream = imap_open($imapServer, $username, $password, OP_READONLY, 0, ['DISABLE_AUTHENTICATOR' => 'GSSAPI']); I'm getting this error: A PHP Error was encountered Severity: Warning Message: imap_open(): Couldn't open stream {outlook.office365.com:993/imap/ssl/novalidate-cert}INBOX Filename: controllers/Cron_Controller.php Line Number: 39 Backtrace: File: C:\xampp73\htdocs\WPS2.0_2025_03_04_1847\application\controllers\Cron_Controller.php Line: 39 Function: imap_open File: C:\xampp73\htdocs\WPS2.0_2025_03_04_1847\index.php Line: 348 Function: require_once A PHP Error was encountered Severity: Notice Message: Unknown: LOGIN failed. (errflg=1) Filename: Unknown Line Number: 0 Backtrace Thanks & Regards Kumaresan
disable teams notification when a user is added
Hello world, Whenever i add somebody as member to a team(Using Graph APIs). A notification is displayed on the screen of the newly added member. The business requirement states that this member is to be added and removed multiple times in a day and I don't want the user to get frustrated by all the notifications he will get. Is there a way i can add a user without him getting a notification on teams? This teams group is security enabled and we are trying to control the access that a user has by adding and removing him from this teams group. Thanks in advance, Anubhav
