Loading...

Some ramblings around Continuous access evaluation, support for Graph and service principals

Some ramblings around Continuous access evaluation, support for Graph and service principals

This article delves into the topic of Continuous Access Evaluation and its support for Graph and service principals. The author explores whether the Graph resource supports CAE and how long-lived CAE tokens are issued. They also consider whether accepting additional risk for CAE is worth it in certain scenarios.

However, the article also highlights the potential dangers of using CAE-capable service principal, particularly in situations where they may be compromised. The author notes that the support for revocation of such service principals is unclear, leaving room for potential security vulnerabilities.

If you are a security professional working with Continuous Access Evaluation or Graph resources, this article provides valuable insights and considerations for ensuring secure access management.

Continue reading this article on https://www.michev.info.

Published on: May 22, 2024

Michev

Michev

Share post:

Related posts

Microsoft Entra Private Access for on-prem users

The emergence of cloud technology and the hybrid work model has brought along new network security challenges, as the traditional virtual priv...

2 months ago

Expert Tips for Managing OneLake Data Access in Microsoft Fabric

If you're looking for expert tips on managing OneLake data access within Microsoft Fabric, this post can help you learn how to control user ac...

2 months ago

Microsoft Copilot (Microsoft 365): Insider Risk Management – Microsoft Purview capabilities in Copilot for Security

This article explores how Microsoft Purview capabilities in Copilot can be used for insider risk management, providing security teams with unp...

3 months ago

Microsoft Purview compliance portal: Insider Risk Management- OCR support in Insider Risk Management

Microsoft has announced an update to its Purview Insider Risk Management platform that enhances its scanning capabilities by adding Optical Ch...

10 months ago

Continuous Access evaluation – IP Location change

This video discusses the integration of Continuous Access Evaluation (CAE) with Power Platform Dataverse environments, enabling continuous eva...

1 year ago

Microsoft Purview compliance portal: Insider Risk Management – OCR support in Insider Risk Management

Microsoft Purview Insider Risk Management is about to receive a new feature that will support Optical Character Recognition (OCR) scanning tec...

1 year ago

Episode # 85 – What’s the best to manage Azure Conditional Access Policies?

In this episode, the focus is on Azure Conditional Access Policies and the best way to manage them. The podcast delves into the intricacies of...

1 year ago

Securing Backend APIs Using Azure API Management Policies (Part 2)

In this second part of the tutorial series, we'll explore policy expressions and how they can be used to regulate API access and safeguard bac...

2 years ago

Azure Active Directory Conditional Access

If you want to know more about Conditional Access in Azure Active Directory, this podcast episode is a must-listen. In this episode, Daniel Wo...

2 years ago

Module 2: Access Tokens | Microsoft Graph Fundamentals for Beginners

If you're looking for an overview of access tokens in the context of Microsoft Graph, you've come to the right place. This video tutorial expl...

2 years ago

Blog image

Michev

More from this blog

Report on externally shared files via the Graph API

An updated version of my "proof of concept" script to report on any and all externally shared files ...

Granular permissions for working with files, list items and lists added to the Graph API!

Microsoft has extended their permissions model for working with files, list items and lists within t...

How to properly filter for specific enabled services via the Graph API/SDK

The limited (and convoluted) filter capabilities of the Graph API have lead to scenarios where peopl...

How to hard-match Entra ID users via the Graph API or the Graph SDK for PowerShell

A short article on how to use the Graph API methods or the corresponding Graph SDK for PowerShell cm...

Less known Graph API endpoints you can use to ensure compliance with CIS benchmark

In this article we will introduce you to some less known Graph API endpoints and methods (as well as...

How to fetch data for reports Microsoft is yet to provide Graph API endpoints for

Microsoft 365 offers a vast range of reports to help users gain insights into data. However, Microso...

How to manage Entra ID delegate permissions for specific users

If you're looking for a way to manage delegate permissions on a per-user basis for any Entra ID inte...

Remove User from All Microsoft 365 Groups and Roles via Graph API

If you're looking for an efficient way to remove users from all the groups they belong to, this Powe...

Changes in Set-UnifiedGroup result in lack of proper audit trail

Recently, we've noticed that calling the Set-UnifiedGroup cmdlet with certain parameters no longer g...

Relevant topics:

Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!

* Yes, I agree to the privacy policy