Scenario: You use the Microsoft Graph Explorer tool to test a query. It requires you to consent to a permission so you use your admin account to do this. However, you click the check box to consent for the entire organization… woops! You did not mean to give everyone permissions for “AuditLog.Read.All” so now you need to revoke this permission. The easiest way to revoke consent is to just delete…
Read MoreMicrosoft Graph PowerShell SDK – Use Client Secret instead of Certificate for Service Principal login
The AAD Graph PowerShell SDK allowed you to use a client secret for the Application only ( Service Principal ) login flow – also known as the client_credentials grant flow. The documentation for the new Microsoft Graph PowerShell SDK does not tell you how to use a client secret but instead, uses the more secure certificate method for the flow: Use app-only authentication with the Microsoft Graph PowerShell SDK |…
Read MoreHow to Solve Failed Authentication After Publishing App to Google Play Store
Issue Description You successfully implemented Azure AD Authentication in your Android app with the Microsoft Authentication Library. The application built and executed perfectly and passed all QA testing with flying colors. And then you published the application on Google Play. And authentication doesn’t work after installing the app. If you exposed authentication error messages to the user, or had them sent to your team, then you might see an error…
Read MoreRetrieve Schema Extension Values for Devices from PowerShell
You can create complex schema extension properties for devices and then retrieve those specific properties from PowerShell. This blog post will walk you through how to do this. I created an app registration in my tenant to be the owner of my device schema extension following these instructions but for devices: Add custom data to groups using schema extensions – Microsoft Graph | Microsoft Docs One thing to point out…
Read MoreHow to use Microsoft Graph SDK for PowerShell to update a registered Device’s Extension Attribute
Below is a sample PowerShell script showing how to update a registered device’s extension attribute. The sample uses extensionAttriubte3. You can easily swap this out to a different one. Refer to the Update Device documentation for more info. Note: The above device update operation requires the signed in user to be in either the Intune Administrator role or Global Administrator role.
Read MoreHow to get and update Directory Schema Extension Attributes with the Microsoft Graph .Net SDK
Microsoft Graph Directory Schema Extensions are a convenient way to store additional data on certain objects such as users or groups. You can read about them here. This blog post is assuming you have already registered an extension and now you’re looking to be able to retrieve the extension and values for a user ( I will use a user object as an example ) or update the value using…
Read MoreHow to enable MSAL for Java (MSAL4J) logging in a Spring Boot application
In this blog, I’ll show how to enable MSAL4J logging using the logback framework in a spring boot web application. I’ll use our Azure AD B2C web sample here. The complete code for this blog is on github. Refer to the MSAL for Java logging documentation for more info. There are 3 main things you need to do for logging to work 1) Include the logback package in the pom.xml…
Read MoreUse the Microsoft.Graph PowerShell SDK to get a list of Devices that do not have BitLocker Recovery Keys
As you may be aware, the AzureAD powershell module is being deprecated at the end of the year along with the AD Graph endpoint. As a result, all customers need to migrate their code to the Microsoft Graph endpoint. This blog post will show you how to use the Microsoft.Graph PowerShell module to get a list of devices that do not have a BitLocker Recovery key in Azure. This would…
Read MoreUsing AdditionalData property in Microsoft Graph SDK for .Net
The AAD Directory Object classes in Microsoft Graph SDK for .Net have a generic property called ‘AdditionalData’ that can be used to send and receive data in the json payload. In certain scenarios where the regular class members are not available in the SDK we can still set their values via AdditionalData property. An example of this is to create a group that has resourceBehaviorOptions attribute (array of strings) populated…
Read MorePython Scripts may be detected as web-crawler when making Microsoft Graph requests.
Sometimes, a python script that is making Microsoft Graph requests may be detected by the gateway as a web-crawler if you are using a pool manager and block the request. The error will look similar to this: {‘error’: {‘code’: ‘UnknownError’, ‘message’: ‘\r\n403 Forbidden\r\n\r\n 403 Forbidden \r\n Microsoft-Azure-Application-Gateway/v2 \r\n\r\n\r\n’, ‘innerError’: {‘date’: ‘{UTC Date/Time}’, ‘request-id’: ‘{guid}’, ‘client-request-id’: ‘{guid}’}}} To overcome this issue the easiest way is to use the MS Graph SDK…
Read More