How to Report DLP Alerts
MC1169572 announces that administrators can add classifications to DLP alerts to help with reporting. But how do you report DLP alerts? As it turns out, it’s relatively easy to retrieve DLP alerts via the Microsoft Graph Security API, and using the Get-MgSecurityAlertV2 cmdlet from the Microsoft Graph PowerShell SDK makes it even easier to find and report the data. https://office365itpros.com/2025/12/29/dlp-alerts-report/Microsoft Graph PowerShell SDK V2.34 Makes WAM the Default
The Web Account Manager (WAM) authentication broker becomes the default method for handling interactive Microsoft Graph PowerShell SDK connections from V2.34 onwards. The rapid release of a new version (V2.33 appeared 12 days beforehand) is usually a sign of a big problem, but in this case the reason is more likely to be a security vulnerability that’s just come to light. We’ll find out after the holidays. We've released V19.1 of the Automating Microsoft 365 with PowerShell eBook (the advantage of ePublishing) to keep track with developments. https://office365itpros.com/2025/12/23/web-account-manager-graph-sdk/Automating Microsoft 365 with PowerShell Second Edition
The Office 365 for IT Pros team are thrilled to announce the availability of Automating Microsoft 365 with PowerShell (2nd edition). This completely revised 350-page book delivers the most comprehensive coverage of how to use Microsoft Graph APIs and the Microsoft Graph PowerShell SDK with Microsoft 365 workloads (Entra ID, Exchange Online, SharePoint Online, Teams, Planner, and more). Existing subscribers can download the second edition now free of charge. https://office365itpros.com/2025/06/30/automating-microsoft-365-with-powershell2/App-Only Authentication for SharePoint Online PowerShell
The latest versions of the SharePoint Online PowerShell module support app-only authentication (certificate-based authentication) for the Connect-SPOService cmdlet. In other words, applications can now connect to SharePoint Online to run administrative cmdlets by presenting a registered Entra ID app and an X.509 certificate instead of the credentials for a human SharePoint administrator. It’s a good change, even if I still prefer using the Graph APIs for SharePoint automation. https://office365itpros.com/2025/12/02/app-only-authentication-spo/
Partner Intune reporting questions
I need some help for my global partner- SHI International. We have a monthly services modernization briefing with the SHI M365 practice team. They have a need around 1-2 Q&A deep-dive sessions where their team of M365 experts want to ask some in=depth technical and pre-sales related questions related to Intune Reporting Challenges and Customer Pain Points, Current Intune Reporting Limitations, Technical Barriers to Reporting, Permissions and Consent Model Confusion, Feedback on Documentation and User Experience. Appreciate any guidance on a PSA SME on this topic or a global black belt, that would be great. Appreciate if you can point me to the latest updated documentation on this topic. I reached out to several folks in the PSA team with no luck yet. Thanks!Creating a Service Principal Analysis for a Microsoft 365 Tenant
Understanding the set of registered and enterprise apps active in a Microsoft 365 tenant is important. Attackers can sneak in and plant an app to exfiltrate or otherwise steal data. This article explains how to use PowerShell to create a service principal analysis report that highlights common problems and gives tenant administrators the data needed to manage apps. https://practical365.com/service-principal-analysis-report/Removing Inactive Entra ID User Accounts with PowerShell
The Entra ID Governance solution includes a workflow to detect and remove inactive user accounts. Sounds good, but the same can be done with PowerShell if you want to avoid the cost of Entra ID Governance licenses or want to create a bespoke workflow that’s better suited to the business needs of the organization. Azure Automation would be a good way to process this workflow. https://office365itpros.com/2025/11/17/remove-inactive-user-accounts/How to Check Unexpected Sign-Ins Against Utility Accounts
Utility accounts exist in every Microsoft 365 tenant. These accounts are not intended for normal user activity and include accounts used for Exchange room and shared mailboxes and the break-glass or emergency accounts intended to allow administrators to sign-in if their usual accounts are blocked. This article shows how to use PowerShell and the Microsoft Graph to check sign-in events to ensure that the accounts aren't being accessed. https://practical365.com/check-utility-accounts-break-glass-signins/A Brief History of Soft-Deleted Entra ID Groups
Entra ID has long supported soft-deleted Microsoft 365 Groups. Now support is available to list and restore soft-deleted security groups in both the Entra admin center and cmdlets from the Microsoft Graph PowerShell SDK, so the articles include a script to show how to list and recover deleted Microsoft 365 and security groups. The update is very welcome as it fixes a big recovery gap in the Entra ID story. Too many important security groups have been deleted in error, much to the chagrin of administrators. https://office365itpros.com/2025/11/11/soft-deleted-security-groups/Version 1.5 of the Microsoft 365 User Password and Authentication Report
The Microsoft 365 User Passwords and Authentication report now includes the last used date for authentication methods (when available). The new data is available through the Graph beta API for listing authentication methods and the equivalent Graph PowerShell SDK cmdlet. Another change that might break scripts is a new way to expose the created date for authentication methods. The changing sands of Graph programming… https://office365itpros.com/2025/11/06/authentication-methods-graph-2/
