Microsoft Graph PowerShell SDK – Use Client Secret instead of Certificate for Service Principal login

The AAD Graph PowerShell SDK allowed you to use a client secret for the Application only ( Service Principal ) login flow – also known as the client_credentials grant flow. The documentation for the new Microsoft Graph PowerShell SDK does not tell you how to use a client secret but instead, uses the more secure certificate method for the flow: Use app-only authentication with the Microsoft Graph PowerShell SDK |…

Read More

How to Solve Failed Authentication After Publishing App to Google Play Store

Issue Description You successfully implemented Azure AD Authentication in your Android app with the Microsoft Authentication Library. The application built and executed perfectly and passed all QA testing with flying colors. And then you published the application on Google Play. And authentication doesn’t work after installing the app. If you exposed authentication error messages to the user, or had them sent to your team, then you might see an error…

Read More

Retrieve Schema Extension Values for Devices from PowerShell

You can create complex schema extension properties for devices and then retrieve those specific properties from PowerShell. This blog post will walk you through how to do this. I created an app registration in my tenant to be the owner of my device schema extension following these instructions but for devices: Add custom data to groups using schema extensions – Microsoft Graph | Microsoft Docs One thing to point out…

Read More

How to use Microsoft Graph SDK for PowerShell to update a registered Device’s Extension Attribute

Below is a sample PowerShell script showing how to update a registered device’s extension attribute. The sample uses extensionAttriubte3. You can easily swap this out to a different one. Refer to the Update Device documentation for more info. Note: The above device update operation requires the signed in user to be in either the Intune Administrator role or Global Administrator role.

Read More

How to get and update Directory Schema Extension Attributes with the Microsoft Graph .Net SDK

Microsoft Graph Directory Schema Extensions are a convenient way to store additional data on certain objects such as users or groups. You can read about them here. This blog post is assuming you have already registered an extension and now you’re looking to be able to retrieve the extension and values for a user ( I will use a user object as an example ) or update the value using…

Read More

How to enable MSAL for Java (MSAL4J) logging in a Spring Boot application

In this blog, I’ll show how to enable MSAL4J logging using the logback framework in a spring boot web application. I’ll use our Azure AD B2C web sample here. The complete code for this blog is on github. Refer to the MSAL for Java logging documentation for more info. There are 3 main things you need to do for logging to work 1) Include the logback package in the pom.xml…

Read More

Use the Microsoft.Graph PowerShell SDK to get a list of Devices that do not have BitLocker Recovery Keys

As you may be aware, the AzureAD powershell module is being deprecated at the end of the year along with the AD Graph endpoint. As a result, all customers need to migrate their code to the Microsoft Graph endpoint. This blog post will show you how to use the Microsoft.Graph PowerShell module to get a list of devices that do not have a BitLocker Recovery key in Azure. This would…

Read More

Using AdditionalData property in Microsoft Graph SDK for .Net

The AAD Directory Object classes in Microsoft Graph SDK for .Net have a generic property called ‘AdditionalData’ that can be used to send and receive data in the json payload. In certain scenarios where the regular class members are not available in the SDK we can still set their values via AdditionalData property. An example of this is to create a group that has resourceBehaviorOptions attribute (array of strings) populated…

Read More

Python Scripts may be detected as web-crawler when making Microsoft Graph requests.

Sometimes, a python script that is making Microsoft Graph requests may be detected by the gateway as a web-crawler if you are using a pool manager and block the request. The error will look similar to this: {‘error’: {‘code’: ‘UnknownError’, ‘message’: ‘\r\n403 Forbidden\r\n\r\n 403 Forbidden \r\n Microsoft-Azure-Application-Gateway/v2 \r\n\r\n\r\n’, ‘innerError’: {‘date’: ‘{UTC Date/Time}’, ‘request-id’: ‘{guid}’, ‘client-request-id’: ‘{guid}’}}} To overcome this issue the easiest way is to use the MS Graph SDK…

Read More

Download the user signInActivity from the beta endpoint using Microsoft Graph Powershell module.

You can use the Microsoft Graph Powershell module to download last sign in date / time for users from the Beta endpoint ( the signInActivity is currently not available in v1.0 ) and save the list to a .csv file. You must have the Microsoft Graph powershell module installed. This document will help you get started. My powershell script:

Read More