In this post, I’ll explain how you can use the PowerShell SDK for Microsoft Graph to query Risky Users in your Azure Active Directory. I will also show you how to use PowerShell to connect to the Microsoft Graph and query the data from there. Being able to query for riskDetections, risky users, and sign-ins lets you automate alerts or actions whenever a user gets flagged in your risk policy.
Using Microsoft Graph PowerShell SDK to query risk detections
Microsoft is working on a PowerShell SDK for working with the Microsoft Graph API. This makes it extremely easy to query data from the API, without any deeper knowledge of how to work with APIs. The SDK provides different PowerShell cmdlets instead of having to make different HTTP calls to an endpoint.
Connecting with the PowerShell SDK
First, you will need to download the PowerShell SDK or PowerShell module. To do this, run the following command in your PowerShell terminal:
|
|
Now, because the Microsoft module we will be using is in preview, you will need to change the PowerShell SDK to use the “Beta” profile. To do this you need to run the command:
|
|
Then, once the module is installed and you have selected the beta profile, you will need to connect to the Graph API with an admin account and then consent to the following permissions:
- IdentityRiskyUser.Read.All
- IdentityRiskyUser.ReadWrite.All
To do this you can run the following command:
|
|
This will open a browser and you will be prompted to sign in with an admin account. Once you sign in you will be asked to grant permissions to Microsoft Graph PowerShell. Click on “Accept” to continue.
Downloading the Microsoft Preview Module For Risky Users
To download the Microsoft Preview Module you will need to start by cloning the repository to your PC.
|
|
Then navigate to the folder where the module is located:
|
|
Then you can import the module commands into your PowerShell session:
|
|
You can see the available commands by running:
|
|
Output:
|
|
Querying all the risky users
Now, to get all users with an elevated risk that were updated in the last 30 days, you can run the following command:
|
|
Output:
|
|
You can also specify the parameter “-RiskLevel” to define that you only want to query users with a “High Risk”.
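The same query (high-risk users updated in the last 30 days) can also be made directly against the Graph `identityProtection/riskyUsers` endpoint with the SDK's `Invoke-MgGraphRequest`. This is an added example, not code from the original post or from the preview module; the function name `Get-HighRiskUser` is hypothetical, and it assumes a session already connected with the `IdentityRiskyUser.Read.All` permission.

```powershell
# Added example: Get-HighRiskUser is a hypothetical helper, not part of the preview module.
# Assumes Connect-MgGraph was already run with the IdentityRiskyUser.Read.All scope.
function Get-HighRiskUser {
    param(
        [int]$Days = 30,
        [ValidateSet('low', 'medium', 'high')]
        [string]$RiskLevel = 'high'
    )

    $since  = (Get-Date).ToUniversalTime().AddDays(-$Days)
    $filter = "riskLevel eq '$RiskLevel'"
    $uri    = 'https://graph.microsoft.com/v1.0/identityProtection/riskyUsers?$filter=' +
              [uri]::EscapeDataString($filter)

    # Follow @odata.nextLink so a large tenant is not cut off after the first page.
    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri
        foreach ($u in $page.value) {
            # Skip entries without a timestamp instead of failing on the cast below.
            if (-not $u.riskLastUpdatedDateTime) { continue }

            # The date window is applied client-side, normalised to UTC on both sides.
            $updated = ([datetime]$u.riskLastUpdatedDateTime).ToUniversalTime()
            if ($updated -lt $since) { continue }

            [pscustomobject]@{
                Id                = $u.id
                UserPrincipalName = $u.userPrincipalName
                RiskLevel         = $u.riskLevel
                RiskState         = $u.riskState
                RiskDetail        = $u.riskDetail
                RiskLastUpdated   = $updated
            }
        }
        $uri = $page.'@odata.nextLink'
    }
}

# Usage: newest detections first, ready to pipe into a report or alerting step.
Get-HighRiskUser -Days 30 | Sort-Object RiskLastUpdated -Descending | Format-Table
```

The `Id` column in the output is the value the dismiss and confirm steps below operate on.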
Dismiss or Confirm the User Risk for a user
You can also use the PowerShell module to dismiss a user’s risk level.
To do this I will start by querying for risky users, but this time I will select the property “Id” as well to get the user’s Id.
|
|
This will output:
|
|
You can then grab the Id of the user whose risk level you want to dismiss and use it in the following command:
|
|
And just as you can dismiss the user risk, you can also confirm a compromised user with the command:
|
|