Finding the Last App Accessed by a User
A reader question asked if it was possible to find the last app accessed by a user. Of course, anything is possible with PowerShell, but how? In this article, we explore using the Entra ID sign-in logs and Microsoft 365 audit log as sources for finding the desired information. Some performance issues emerge, so we end up running the code in Azure Automation. https://practical365.com/last-app-access-by-user/Automating Microsoft 365 with PowerShell Second Edition
The Office 365 for IT Pros team are thrilled to announce the availability of Automating Microsoft 365 with PowerShell (2nd edition). This completely revised 350-page book delivers the most comprehensive coverage of how to use Microsoft Graph APIs and the Microsoft Graph PowerShell SDK with Microsoft 365 workloads (Entra ID, Exchange Online, SharePoint Online, Teams, Planner, and more). Existing subscribers can download the second edition now free of charge. https://office365itpros.com/2025/06/30/automating-microsoft-365-with-powershell2/
Is hsprotect.net a Microsoft property? Graph authentication
Running connect-mggraph, I get the IE "Sign in to your account/Verify your identity" windows. The first time through, it presents several of the "Trusted Sites" dialogs, to add various MS URLs to the trusted zone. One of them is https://iframe.hsprotect.net. The WHOIS for this domain does not list Microsoft. It's NameCheap, with "withheld for privacy" addresses in Iceland. Microsoft does not document this domain anywhere, though A.I. claims/hallucinates that MS uses it for protection-related telemetry and is certain it's in the Defender API guide. Can anyone confirm what's going on here?Microsoft Graph - List apps in chat - 404 UnknownError
In Microsoft Graph, I would like to list all Teams apps associated to an onlineMeeting (to its chat actually). According to List apps in chat - Microsoft Graph v1.0 | Microsoft Learn, this is supported with the following request : GET /chats/{chat-id}/installedApps There is a note saying that if the chat is associated with an onlineMeeting instance, then, effectively, the teamsApps installed in the meeting will be listed. That should work. However, I'm getting a 404 with UnknownError as the error.code on my end. The right permission (TeamsAppInstallation.ReadWriteForChat) is granted (Chat.ReadWrite is granted as well). Testing from Graph Explorer from now. Please note that the following is working to get chat messages with the same chat-id : GET /chats/{chat-id}/messages or the following to get chat members : GET /chats/{chat-id}/members I've tried the endpoint POST /chats/{chat-id}/installedApps to add an app to the chat as well but I'm getting the same kind of 404 (documented on Add app to chat - Microsoft Graph v1.0 | Microsoft Learn). Any advice? ThanksMicrosoft Deprecates Graph CLI and Toolkit
Microsoft has depreciated the Microsoft Graph CLI and Graph Toolkit. It’s nice to see some rationalization in this area, but the real need is for better quality and coverage across all the Microsoft 365 administrative actions. Even after fourteen years of development, too many undocumented and private APIs exist in use today in places like the Microsoft 365 admin center, which is an unacceptable situation. You should vote for a feedback portal item (link in article) to ask Microsoft to do better. https://office365itpros.com/2025/09/02/microsoft-graph-inconsistencies/Creating Dynamic Microsoft 365 Groups without Entra P1 Licenses
Dynamic Microsoft 365 Groups come with many advantages, but they also require Entra P1 licenses. This article explores how to create and maintain a DIY version of dynamic Microsoft 365 groups using the Microsoft Graph PowerShell SDK and Azure Automation. At the end of the day, the principle is proven, but maybe it's best to pay for the licenses. https://practical365.com/diy-dynamic-microsoft-365-group/Practical Graph: Working with Calendar Events Using Graph APIs
Calendar events make up user and group calendars. It's possible to create, update, cancel, and remove calendar appointments and meetings, including recurring events, through the Graph API. This article explains how to pass all the properties needed to create and manage events using PowerShell and the Graph APIs. https://practical365.com/calendar-events-graph-api/How to Remove Members from Microsoft 365 Groups with PowerShell
After writing about how to copy group memberships from one user to another, the question arises about removing members from groups. The answer is straightforward when dealing with members of distribution lists and mail-enabled security groups, but things become more complicated when working with Microsoft 365 groups and it’s important to handle group owners correctly. https://office365itpros.com/2025/07/23/removing-members-from-groups/Using Purview eDiscovery APIs in App-Only Mode
Most eDiscovery work is done interactively, but a use case exists for working with eDiscovery cases through apps, such as populating a large review set. It’s possible to configure an Entra ID app to work with the eDiscovery APIs in app-only rather than delegated mode, but only by using an Exchange service principal to add the app to the eDiscovery manager role group. This approach also works with Azure Automation runbooks that use Managed Identities. https://practical365.com/ediscovery-app-only-mode/
