Nathan McNulty
@nathanmcnulty.com
Loves Jesus, loves others | Husband, father of 4, security solutions architect, love to learn and teach | Microsoft MVP | @TribeOfHackers | πinfosec.exchange@nathanmcnulty
It may not be the most comprehensive testing, but it's pretty awesome kicking off an assessment of all the cmdlets, parameters, etc. and having it verify the results are all in the correct formats, no warnings/errors, etc
About to let it run wild in a dev tenant, wish me luck π
About to let it run wild in a dev tenant, wish me luck π
January 4, 2026 at 4:49 AM
It may not be the most comprehensive testing, but it's pretty awesome kicking off an assessment of all the cmdlets, parameters, etc. and having it verify the results are all in the correct formats, no warnings/errors, etc
About to let it run wild in a dev tenant, wish me luck π
About to let it run wild in a dev tenant, wish me luck π
First of three legs on my way to WPNinjas US in Dallas. Only 13 hours of travel to go... π€ͺ
It'll totally be worth it to see everyone, hopefully help some folks with work, career, and family :)
I'm way behind on planning, so hmu if you're going to be there!
It'll totally be worth it to see everyone, hopefully help some folks with work, career, and family :)
I'm way behind on planning, so hmu if you're going to be there!
December 8, 2025 at 12:04 AM
First of three legs on my way to WPNinjas US in Dallas. Only 13 hours of travel to go... π€ͺ
It'll totally be worth it to see everyone, hopefully help some folks with work, career, and family :)
I'm way behind on planning, so hmu if you're going to be there!
It'll totally be worth it to see everyone, hopefully help some folks with work, career, and family :)
I'm way behind on planning, so hmu if you're going to be there!
lol, sadly I think that's a whole different team, but who knows :p
December 2, 2025 at 9:26 AM
lol, sadly I think that's a whole different team, but who knows :p
Haha, I think @intunesuppteam.bsky.social would know the right folks to help fix that typo :)
December 2, 2025 at 8:37 AM
Haha, I think @intunesuppteam.bsky.social would know the right folks to help fix that typo :)
I often make this mistake with Filter for devices in Conditional Access... and I bet you are doing it too π€ͺ
To target unregistered devices, you probably want to do INCLUDE with trustType/isCompliant NotEquals
Go double check your policies ;)
learn.microsoft.com/...
To target unregistered devices, you probably want to do INCLUDE with trustType/isCompliant NotEquals
Go double check your policies ;)
learn.microsoft.com/...
December 2, 2025 at 2:37 AM
I often make this mistake with Filter for devices in Conditional Access... and I bet you are doing it too π€ͺ
To target unregistered devices, you probably want to do INCLUDE with trustType/isCompliant NotEquals
Go double check your policies ;)
learn.microsoft.com/...
To target unregistered devices, you probably want to do INCLUDE with trustType/isCompliant NotEquals
Go double check your policies ;)
learn.microsoft.com/...
Hey folks, just jumping on a live Entra Chat to talk about all the Ignite announcements with @merill.net, @naunheim.cloud, Martin Sandren, and Ru Campbell!
Come join us at riverside.fm/studio/entra...
Come join us at riverside.fm/studio/entra...
November 21, 2025 at 7:14 PM
Hey folks, just jumping on a live Entra Chat to talk about all the Ignite announcements with @merill.net, @naunheim.cloud, Martin Sandren, and Ru Campbell!
Come join us at riverside.fm/studio/entra...
Come join us at riverside.fm/studio/entra...
Today's letter is brought to you by... :)
Hope whatever spurred this thought is all clear and good β€οΈ
Hope whatever spurred this thought is all clear and good β€οΈ
November 21, 2025 at 5:58 AM
Today's letter is brought to you by... :)
Hope whatever spurred this thought is all clear and good β€οΈ
Hope whatever spurred this thought is all clear and good β€οΈ
SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED π³
November 21, 2025 at 5:51 AM
SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED π³
Nice! It's a huge upgrade, and let me know if you run into any issues - I know the team and might be able to help :)
I also have some cool stuff coming early December that you might like :p
I also have some cool stuff coming early December that you might like :p
November 20, 2025 at 2:38 AM
Nice! It's a huge upgrade, and let me know if you run into any issues - I know the team and might be able to help :)
I also have some cool stuff coming early December that you might like :p
I also have some cool stuff coming early December that you might like :p
Fancy - looks like we'll have the ability to block Agents based on use cases and agent risk
Curious to see if this goes the way of Workload Identity Premium after Preview
Curious to see if this goes the way of Workload Identity Premium after Preview
November 18, 2025 at 9:04 PM
Fancy - looks like we'll have the ability to block Agents based on use cases and agent risk
Curious to see if this goes the way of Workload Identity Premium after Preview
Curious to see if this goes the way of Workload Identity Premium after Preview
Like MDE, I'd expect any Advanced Auditing policies defined by GPO would override these settings
Just turned it on, time to wait and see how conflicts are handled :P
Just turned it on, time to wait and see how conflicts are handled :P
November 18, 2025 at 2:10 AM
Like MDE, I'd expect any Advanced Auditing policies defined by GPO would override these settings
Just turned it on, time to wait and see how conflicts are handled :P
Just turned it on, time to wait and see how conflicts are handled :P
Defender for Identity can now automatically configure Windows Event Auditing on your Domain Controllers when using the new v3 sensor π₯³
learn.microsoft.com/...
learn.microsoft.com/...
November 18, 2025 at 2:10 AM
Defender for Identity can now automatically configure Windows Event Auditing on your Domain Controllers when using the new v3 sensor π₯³
learn.microsoft.com/...
learn.microsoft.com/...
Nice! Not dumb, just sometimes the way they store the data doesn't make any sense when viewed from outside of whatever their internal design/architecture is.
Sometimes there's a good reason for why they did things a certain way, sometimes nobody knows, lol
Sometimes there's a good reason for why they did things a certain way, sometimes nobody knows, lol
November 10, 2025 at 6:05 PM
Nice! Not dumb, just sometimes the way they store the data doesn't make any sense when viewed from outside of whatever their internal design/architecture is.
Sometimes there's a good reason for why they did things a certain way, sometimes nobody knows, lol
Sometimes there's a good reason for why they did things a certain way, sometimes nobody knows, lol
I'll have to look later when I can get some time on my laptop, but look for the Service Principal AppID for Entitlement management: ec245c98-4a90-40c2-955a-88b727d97151
I bet we see this in Audit Logs, but not sure about stored in Graph on the assignments...
I bet we see this in Audit Logs, but not sure about stored in Graph on the assignments...
November 10, 2025 at 5:51 PM
I'll have to look later when I can get some time on my laptop, but look for the Service Principal AppID for Entitlement management: ec245c98-4a90-40c2-955a-88b727d97151
I bet we see this in Audit Logs, but not sure about stored in Graph on the assignments...
I bet we see this in Audit Logs, but not sure about stored in Graph on the assignments...
I bet you would have to use /beta for this
There's a bunch of stuff in here where you have to use both APIs to do things...
Like expiration is only in /beta but you can't do Verified ID in /beta...... So you have to hit /v1.0/ then patch/put /beta/ :-/
There's a bunch of stuff in here where you have to use both APIs to do things...
Like expiration is only in /beta but you can't do Verified ID in /beta...... So you have to hit /v1.0/ then patch/put /beta/ :-/
November 10, 2025 at 5:48 PM
I bet you would have to use /beta for this
There's a bunch of stuff in here where you have to use both APIs to do things...
Like expiration is only in /beta but you can't do Verified ID in /beta...... So you have to hit /v1.0/ then patch/put /beta/ :-/
There's a bunch of stuff in here where you have to use both APIs to do things...
Like expiration is only in /beta but you can't do Verified ID in /beta...... So you have to hit /v1.0/ then patch/put /beta/ :-/
I don't think it differentiates between Active assignment through PIM vs Entra roles
If you are looking only for assignments through Access Packages, I would have to do a lot of digging - those APIs are a mess with inaccurate documentation... :-/
If you are looking only for assignments through Access Packages, I would have to do a lot of digging - those APIs are a mess with inaccurate documentation... :-/
November 10, 2025 at 5:42 PM
I don't think it differentiates between Active assignment through PIM vs Entra roles
If you are looking only for assignments through Access Packages, I would have to do a lot of digging - those APIs are a mess with inaccurate documentation... :-/
If you are looking only for assignments through Access Packages, I would have to do a lot of digging - those APIs are a mess with inaccurate documentation... :-/
Like this?
# Get active assignments
Get-MgBetaRoleManagementDirectoryRoleAssignmentSchedule -ExpandProperty RoleDefinition,Principal,DirectoryScope -All
# Get eligible assignments
Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -ExpandProperty RoleDefinition,Principal,DirectoryScope -All
# Get active assignments
Get-MgBetaRoleManagementDirectoryRoleAssignmentSchedule -ExpandProperty RoleDefinition,Principal,DirectoryScope -All
# Get eligible assignments
Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -ExpandProperty RoleDefinition,Principal,DirectoryScope -All
November 10, 2025 at 5:41 PM
Like this?
# Get active assignments
Get-MgBetaRoleManagementDirectoryRoleAssignmentSchedule -ExpandProperty RoleDefinition,Principal,DirectoryScope -All
# Get eligible assignments
Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -ExpandProperty RoleDefinition,Principal,DirectoryScope -All
# Get active assignments
Get-MgBetaRoleManagementDirectoryRoleAssignmentSchedule -ExpandProperty RoleDefinition,Principal,DirectoryScope -All
# Get eligible assignments
Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -ExpandProperty RoleDefinition,Principal,DirectoryScope -All
Every time I see stuff like this, my reaction is always the same
a man with a beard and mustache is laughing with his mouth open
ALT: a man with a beard and mustache is laughing with his mouth open
media.tenor.com
November 3, 2025 at 11:04 PM
Every time I see stuff like this, my reaction is always the same
We can now change Source of Authority on Contacts as well π₯
Looks like we can change contact SOA using the httpsβ://graphβ.microsoftβ.com/v1.0/contacts API endpoint too :)
Looks like we can change contact SOA using the httpsβ://graphβ.microsoftβ.com/v1.0/contacts API endpoint too :)
November 3, 2025 at 10:24 PM
We can now change Source of Authority on Contacts as well π₯
Looks like we can change contact SOA using the httpsβ://graphβ.microsoftβ.com/v1.0/contacts API endpoint too :)
Looks like we can change contact SOA using the httpsβ://graphβ.microsoftβ.com/v1.0/contacts API endpoint too :)
Unix be like let's just shorten that up a bit - "jek" sounds good π
November 3, 2025 at 12:18 AM
Unix be like let's just shorten that up a bit - "jek" sounds good π
A 138 character cmdlet in a production PowerShell module π«
November 2, 2025 at 9:06 PM
A 138 character cmdlet in a production PowerShell module π«
It's crazy the amount of effort that can go into building enough resiliency :p
October 31, 2025 at 4:43 AM
It's crazy the amount of effort that can go into building enough resiliency :p
Everybody is always worried about emergency access, but what about emergency shutdown? π
October 30, 2025 at 8:55 PM
Everybody is always worried about emergency access, but what about emergency shutdown? π