Skip to content

Logic Apps

A love story about Role Based Access Control for Applications in Exchange Online, Managed Identities, Entra ID Admin Units, and Graph API

I’ve learned something new today. Hear me out. Up until now, sending emails using managed identities trough Graph API was a bit of a hassle. You needed to grant access using Graph API or Powershell first, but before you could do that, you needed to find the correct IDs for Graph API, the Managed Identity, and the permission itself. Lucky for us, Jan Vidar spoiled us with this nice blog post, which I used pretty often. Next, you would end… 

Read More »A love story about Role Based Access Control for Applications in Exchange Online, Managed Identities, Entra ID Admin Units, and Graph API

How to create a Temporary Access Pass using Logic Apps

Now that more and more organizations are moving towards passwordless, a Temporary Access Pass becomes indispensable for onboarding and recovery. Using Logic Apps (or Power Automate), organizations can automate and integrate the creation of Temporary Access Passes in their current IT processes. Logic Apps can be triggered from customer service tools like ServiceNow or TOPdesk, to start fully automated workflows. In this blog post, you will learn how to create a Temporary Access Pass in Entra ID using Logic Apps,… 

Read More »How to create a Temporary Access Pass using Logic Apps

Mailbox usage reports, Graph API, and Logic Apps. What’s not to like?

Exchange Online does a pretty good job when it comes to alerting on mailbox storage. Exchange Online provides three kinds of notifications when a user’s mailbox is nearing or at capacity: And still, we find ourselves getting helpdesk tickets about mailboxes that can no longer send or receive email. It’s time to dive into the Exchange Storage reports. A good report can be downloaded from the Microsoft 365 admin center, but that is a manual action. What if we could… 

Read More »Mailbox usage reports, Graph API, and Logic Apps. What’s not to like?

How to keep track of changes on Microsoft Docs & Learn?

When working with cloud services like Microsoft 365 or Azure Active Directory in particular, it’s very important to stay on top of new features and/or product changes. As you might know, the documentation for these services is stored on GitHub. This is where those changes will often reflect. I was inspired by the post of Albert-Jan Schot (Get notified for PnP updates from GitHub · CloudAppie), where he explained how to use the GitHub REST API to keep track of… 

Read More »How to keep track of changes on Microsoft Docs & Learn?

Automate issuing Temporary Access Pass for joiners with LifeCycle Workflows

On September 30th, 2022, Pim Jacobs and I did a session on the brand new Lifecycle Workflows feature in Azure AD Identity Governance. During that session, I did a demo showing the integration with Logic Apps. Using this extension, I could use the Graph API to create a new Temporary Access Pass for a new hire, 7 days before the first workday. This post will describe the steps to build the solution. Introduction to LifeCycle Workflows First, let us quickly… 

Read More »Automate issuing Temporary Access Pass for joiners with LifeCycle Workflows

Use Microsoft Graph Security for end-user notifications

In this short blog post, I want to show how you can use the Microsoft Graph Security to send alerts and notifications to your end-users. I also want to show you that it is super easy to set up. All you need is: Power Automate or Logic Apps Microsoft Graph Security Connector (premium) Microsoft Teams or Email connector to send the messages One of the (Microsoft) security products to work with like Cloud App Security or Identity Protection Microsoft Graph… 

Read More »Use Microsoft Graph Security for end-user notifications

Bulk dismiss risky users with Power Automate or Logic Apps

Update 08-10-2020: Microsoft released an official connector for Azure AD Identity Protection. This would be much easier to use, since you don’t have to create a service principal to authenticate the custom connector. However, at the time of writing the official connector does not have the action to get all the risky users. Will keep an eye on things. This blog was inspired by an Azure AD Mailbag blog about Azure AD Identity Protection. In the article, Microsoft provided a… 

Read More »Bulk dismiss risky users with Power Automate or Logic Apps

Prepopulate phone methods using a Custom Connector in Power Automate

Part 2 – Automation In the previous blog post of this series, I’ve shown you the use of the Graph API and how you could manually populate the phone methods for your users. Today, we are going to take it a step further. We’re going to add some automation with Power Automate by using a custom connector. What are we building? Today we are going to add a phone method for all your users using Power Automate and a custom… 

Read More »Prepopulate phone methods using a Custom Connector in Power Automate

Prepopulate phone methods for MFA and SSPR using Graph API

Part 1 – Graph API What is the number one task if we want to protect our identity? Right. Turn on MFA.What is the number one task our helpdesk is busy with all day (and night)? Right. Password Resets.What is the number one struggle when we want to implement security? Right. User experience.So, what are you gonna get by reading this blog post? Some light at the end of the tunnel. Buckle up! What’s the case here? I start at… 

Read More »Prepopulate phone methods for MFA and SSPR using Graph API

Use Power Automate as your Conditional Access Police Department

Last week, I was working on a new blog for the Secure Score Series regarding global admin and break glass accounts. I came to the point where I was thinking of possible scenarios that could go wrong with these accounts. What if someone accidentally added these users to a certain group? What if that group would be triggered in some policy or maintenance tasks? A lot of these actions can be discovered using Microsoft Cloud App Security and Azure Monitor.… 

Read More »Use Power Automate as your Conditional Access Police Department