Category Archives: Security

Automation, EntraID, Powershell, Security

Function to Spot ALL All-User and All-Guest Groups in Entra ID

1 Comment

There are probably many scenario’s where you’d like to identify which Entra groups contain ‘all users’, ‘all guests’ or a combination (all members+all guests).

In my case, I want to use this in M365Permissions, but also needed it for a Maester test to be more precise. It had to be language and implementation agnostic.

M365Permissions uses this mainly for reports that look at oversharing (e.g. when securing a tenant or implementing copilot). But this could also be useful for red/blue teams or any other tenant analysis tooling.

In M365Permissions, I initially looked at the dynamic rule itself, but this is unreliable. Dynamic rules can contain many additional components and can be ordered or written in many ways or the group may have been created without a dynamic rule through e.g. automation.

So I decided to use another approach!

Just get all tenant users from Graph (counts per type).

Then for a given group, look if it matches one of those counts and return a type. Of course, casting members to users to avoid counting devices and looking up membership recursively 🙂

Function: https://github.com/jflieben/assortedFunctionsV2/blob/main/Get-EntraDynamicGroupType.ps1

Automation, Azure, Exchange Online, Identity, M365Permissions, Microsoft Teams, Office 365, OneDrive for Business, PowerBI, Powershell, Security, Sharepoint Online

M365Permissions v1.2.3

1 Comment

Performance improvements and Onenote Notebooks.

Today’s release has a ‘special guest’; Morten (blog)! He completely rewrote the entra user and group retrieval code, greatly improving both performance and total capacity!

Other changes of note:

  1. Add support for Onenote Notebook sharing permissions
  2. Treat anonymous sharing links as ‘deleted’ if the sharing level at the site forbids anonymous sharing

Full changelog here

Download / Use:

M365Permissions module page | Github | PSGallery

EMS, Intune, Powershell, Security

Setting NTFS permissions on a Folder through Intune

1 Comment

Although I found a good example/article on how to set modify permission through Intune, I wanted to use more of a desired state configuration type remediation where inheritance is removed and all defined ACL’s are exclusively applied to a given folder and all child folders/files. It also includes creating the folder if it isn’t there yet, which can be useful for certain legacy applications 🙂

Without further ado here’s the detection script:

https://github.com/jflieben/assortedFunctionsV2/blob/main/NTFSPermissionRemediation/detect.ps1

And here is the remediation script:

https://github.com/jflieben/assortedFunctionsV2/blob/main/NTFSPermissionRemediation/remediate.ps1

Run in SYSTEM context unless you unwisely made all your users local admins 😉

Automation, Azure, Exchange Online, Identity, M365Permissions, Microsoft Teams, Office 365, OneDrive for Business, PowerBI, Powershell, Security, Sharepoint Online

M365Permissions v1.2.2

Leave a comment

Are you also curious about all those PowerApps and Flows in your environment? Orphaned ones maybe? Or when someone leaves the company?

1.2.2 adds scanning of PowerApps and Flows! Only when using SPN auth. (setup instructions)

In addition to that, I’ve also added provisional support for scans of tenants in USGOV, USDOD and China. Since I don’t have a test tenant there, I’ll have to rely on you to test how it performs there.

Full changelog here

Download / Use:

M365Permissions module page | Github | PSGallery

Automation, Azure, Exchange Online, Identity, M365Permissions, Microsoft Teams, Office 365, OneDrive for Business, PowerBI, Powershell, Security, Sharepoint Online

M365Permissions v1.2.1

Leave a comment

Yes, we finally have Microsoft Azure! All active and eligible permissions are in scope from the subscription level and below.

If you use a service principal for scanning, be sure to assign read permissions for it to all subscriptions (or lower level resource groups) you want it to index.

Full changelog here

Download / Use:

M365Permissions module page | Github | PSGallery