Loading...

ExO RBAC improvements #1: Limiting application access

ExO RBAC improvements #1: Limiting application access

In light of the robustness of Exchange's permission model, the Azure AD role-based access control (RBAC) model follows similar principles. The RBAC model is customizable to meet individual granular needs but has some issues. One notable issue is the concept of granting applications seemingly broad access. This article discusses the importance of limiting such access and how to go about it. If you're interested in learning more about how to harness the power of RBAC to enhance your security posture, this article is a great starting point.

Continue reading ExO RBAC improvements #1: Limiting application access

Published on: January 09, 2023

Michev

Michev

Share post:

Related posts

Retirement of RBAC Application Impersonation in Exchange Online

Moving ahead, Microsoft has announced the retirement of the ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online....

4 months ago

Microsoft Purview compliance portal: Audit – Granular scoping with role-based access control (RBAC)

Microsoft Purview Compliance Portal is set to release an update in October 2023 that allows IT departments to delegate role-based permissions ...

10 months ago

ExO RBAC improvements #2: Support for administrative units

Microsoft's Azure Active Directory (AD) utilizes administrative units (AUs) as the equivalent to an organizational unit (OU). They have been a...

1 year ago

ExO RBAC improvements #3: Limiting access in CBA scenarios

Exchange Online PowerShell's certificate-based authentication (CBA) was rolled out as a solution to enable users to automate the execution of ...

1 year ago

ExO RBAC improvements #1: Limiting application access

This post sheds light on the first of many upcoming improvements related to role-based access control (RBAC) in ExO (Exchange Online). ExO (Ex...

1 year ago

ExO RBAC improvements #2: Support for administrative units

In Azure Active Directory (Azure AD), administrative units are the equivalent of organization units (OUs) and have been a key part of Azure AD...

1 year ago

ExO RBAC improvements #3: Limiting access in CBA scenarios

If you are using Certificate-based authentication (CBA) for Exchange Online PowerShell, then this post highlights some RBAC improvements to li...

1 year ago

Azure AD custom roles with support for granular User management permissions

Role-based Access Control (RBAC) has been a priority for Microsoft across Azure AD and Microsoft 365 in recent years. While some Microsoft wor...

1 year ago

Microsoft Purview | Audit: Granular scoping with role-based access control (RBAC)

In today's world of large organizations, IT departments delegate some of their day-to-day tasks to specific people or roles in the organizatio...

1 year ago

Blog image

Michev

More from this blog

Granular permissions for working with files, list items and lists added to the Graph API!

Microsoft has extended their permissions model for working with files, list items and lists within t...

How to properly filter for specific enabled services via the Graph API/SDK

The limited (and convoluted) filter capabilities of the Graph API have lead to scenarios where peopl...

How to hard-match Entra ID users via the Graph API or the Graph SDK for PowerShell

A short article on how to use the Graph API methods or the corresponding Graph SDK for PowerShell cm...

Less known Graph API endpoints you can use to ensure compliance with CIS benchmark

In this article we will introduce you to some less known Graph API endpoints and methods (as well as...

How to fetch data for reports Microsoft is yet to provide Graph API endpoints for

Microsoft 365 offers a vast range of reports to help users gain insights into data. However, Microso...

Some ramblings around Continuous access evaluation, support for Graph and service principals

This article delves into the topic of Continuous Access Evaluation and its support for Graph and ser...

How to manage Entra ID delegate permissions for specific users

If you're looking for a way to manage delegate permissions on a per-user basis for any Entra ID inte...

Remove User from All Microsoft 365 Groups and Roles via Graph API

If you're looking for an efficient way to remove users from all the groups they belong to, this Powe...

Changes in Set-UnifiedGroup result in lack of proper audit trail

Recently, we've noticed that calling the Set-UnifiedGroup cmdlet with certain parameters no longer g...

How to manage email addresses for Microsoft 365 Groups

I set to test claims that the email address(es) of a Microsoft 365 Groups can be managed via the Gra...

Relevant topics:

Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!

* Yes, I agree to the privacy policy