@_CyberSamurai_ you are completely right that you can access your
environment with a stolen token from an unmanaged device. BUT: stealing a
token is much easier from an unmanaged device. So if you allow access
from unmanaged devices, it's not certain that there is good endpoint
protection or a patche...
Really keen to start using this, but it's very strange (and a blocker
for us long term) why Australia, New Zealand and Japan are missing from
the available tenant locations. I found a like-minded article on Learn
that this issue was brought up last year (Unable to establish Entra
tenant for Australia ...
@merillms it used to suffice to have group ownership to be able to connect
and act only on that group without any other privilege, or am I
mistaken? Edit: Never mind me. This is still the case with the Entra
PowerShell module; should have tested before opening my mouth.
@Deleted Azure AD PowerShell had ALL directory-related permission scopes
pre-consented, including GroupMember.ReadWrite.All. It's not least
privilege, which is why the new modules no longer pre-consent.
@JamesC95 in that scenario, yes. An automation where with AzureAD it was
possible to scope to the target only, and now it's a super-powerful SP.
We should be able to do better scoping while using the MS Graph API.
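The exchange above is about the new modules no longer pre-consenting to every directory scope, and about a group owner still being able to act on only their own group. The script below is an added example written for this page, not code from the thread or from the Microsoft Entra PowerShell project. It requests one delegated scope explicitly, then checks what the session actually holds before acting, because a Graph token issued to the PowerShell app carries every scope the user has previously consented to for that app, not just the ones named in this call. The group and user object IDs are placeholders, and the example assumes the Microsoft.Entra module is installed and that Get-EntraContext exposes a Scopes array the way Get-MgContext does.

```powershell
# Added example (not from the thread or the Entra PowerShell project).
# Connect with only the delegated scope the task needs, verify the session
# did not inherit broader scopes from earlier consents, then act on a group.

Import-Module Microsoft.Entra -ErrorAction Stop   # assumption: module installed

# The single scope this task needs. A group owner holding this delegated
# scope can still only change membership of groups they own, because a
# delegated permission is intersected with the signed-in user's own rights.
$requiredScopes = @('GroupMember.ReadWrite.All')

# Scopes the identity platform adds to any delegated token; not a privilege.
$baselineScopes = @('openid', 'profile', 'email', 'offline_access')

Connect-Entra -Scopes $requiredScopes

# Fail closed if the token carries anything beyond what this script asked for.
# Previously consented scopes for the same app are returned in the token even
# when not requested here, so this check is the only way to know for sure.
$ctx   = Get-EntraContext   # assumption: returns an object with a Scopes array
$extra = @($ctx.Scopes | Where-Object {
    ($_ -notin $requiredScopes) -and ($_ -notin $baselineScopes)
})
if ($extra.Count -gt 0) {
    Disconnect-Entra
    throw "Session holds scopes beyond what was requested: $($extra -join ', ')"
}

# Placeholder object IDs (assumption); replace with the real group and member.
$groupId = '00000000-0000-0000-0000-000000000001'
$userId  = '00000000-0000-0000-0000-000000000002'

# Succeeds only if the signed-in user is an owner of $groupId (or otherwise
# entitled to manage it); the scope alone does not grant access to other groups.
Add-EntraGroupMember -GroupId $groupId -MemberId $userId
```

If the scope check throws, the fix is to revoke the earlier, broader consent for the PowerShell app on the signed-in account (or use a separate app registration for the automation) rather than to widen $requiredScopes; requesting fewer scopes in Connect-Entra does not remove consents already granted.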