Assistance with access revocation using MSGraph (lemmy.dbzer0.com)

submitted 1 year ago by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

Microsoft's documentation for revoking user access from Azure AD currently references cmdlets from the AzureAD PowerShell module, which will be deprecated on June 30th.

Microsoft reccomends using the MSGraph module or API as a replacement for the AzureAD module, but I'm having a hell of a time with it.

I'm trying to figure out how to use PoweShell to wipe corporate data off a user's BYODs, and I'm stuck trying to get a list of a user's BYODs through Graph. Ultimately this will be part of automation kicked off when a user leaves the company.

Queries for devices and managed devices for a given user seem to be missing devices that are shown through Azure Portal when looking at a user in Azure AD and then looking at their devices. The query for deleting data is also unclear in whether it wipes the whole device or just corporate data.

Does anyone have any resources or guidance on this? Most of what I'm finding is outdated or too vague for me to be comfortable utilizing it.

top 1 comments

sorted by: hot top controversial new old

[-] [email protected] 1 points 1 year ago

Been a bit since I've messed with MSGraph, but I remember it being a pain. If you're not comfortable with it, maybe use a dummy device like a VM and test user and see what it wipes?

If I remember correctly, they had a lot of similar items under different modules which made it hard to figure out.

this post was submitted on 25 Jun 2023

7 points (100.0% liked)

Sysadmin

7317 readers

1 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 1 year ago

MODERATORS

[email protected]