Announcements!

  • The Right Way to Replace the Remove-SPOExternalUser Cmdlet
    Microsoft says they will remove the Remove-SPOExternalUser cmdlet starting July 29. They recommend using Remove-AzureADUser as a replacement. It’s a bad call because that cmdlet is part of a now-retired and soon to be deprecated module. Overall, recommendations like this make you think that Microsoft doesn’t know what’s happening across the whole of Microsoft 365. And you might be right.
  • PowerShell Elevation of Privilege Vulnerability
    This one affects all Windows versions all the way back to Windows Server 2012, so be sure to get the cumulative updates installed. CVE-2024-38047 and CVE-2024-38043 are also PowerShell Elevation of Privilege Vulnerabilities included in the cumulative patches this month.

Blogs, Articles, and Posts

  • Audit Group Policy changes in the event log using XML queries and PowerShell
    Custom views in the Event Viewer allow you to filter the metadata of log entries based on various criteria. However, these filters do not assess the content of the log entry messages. To evaluate the log messages, you can extend filters using an XPath query. The examples below demonstrate how to audit Group Policy changes with XML queries, which you can further process with PowerShell.
  • Search and delete Copilot data in Microsoft 365
    Managing and deleting unnecessary Copilot data from Microsoft 365 is essential for reducing security risks and ensuring compliance with data protection laws like GDPR and HIPAA. This blog post will guide you through the steps to search for and delete Copilot data using eDiscovery, Graph Explorer, and PowerShell. Following these steps can enhance data hygiene and safeguard your organization against potential data breaches and legal issues.
  • PowerShell: Measure Objects (Count, Average, Sum …)
    The Measure-Object cmdlet counts objects. But it can do even more. We can calculate the sum, the average and much more. In this blog post I show a few examples with Measure-Object.
  • Office Connectors Retirement for Teams
    In June, Microsoft retired Office Connectors for SharePoint Online and Microsoft 365 Groups. Starting on August 15, they’re retiring connectors for Teams. The problem is finding out which teams and channels have configured connectors. That’s when PowerShell comes in handy, as we prove with a script to report which teams have connectors.
  • Using Pop-Location and Push-Location in PowerShell
    At PSConfEU, somebody asked me if I used Pop-Location and Push-Location. Well, I know it’s there, but no. :) In this blog post, I will show you how to use it and that it might come in handy!
  • ViperSoftX malware covertly runs PowerShell using AutoIT scripting
    The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. […]
  • Low Space on EFI (System) Partition – Clean up
    Hey folks, this seems like a topic that keeps coming up, despite the fact I had assumed everyone was creating large EFI volumes (984MB) by now, but I keep finding folks who have 100MB and run into issues.
  • Practical PowerShell: Error Handling
    Writing PowerShell scripts can be a fulfilling task. After all, you write something to assist with a task or procedure so you can focus on the result, not the task itself. But what if your script tries to run an action and is unsuccessful, for example, when a user the script attempts to manipulate is invalid or the signed in account has insufficient permissions to run a cmdlet? And do not forget the peculiarities of the online world, such as a network connection dropping or an authentication token expiring.
  • Mediator Pattern using PowerShell
    The Mediator Design Pattern centralizes communication, reducing dependencies & improving maintainability. Instead of direct interactions, objects use a mediator.

Continued in the comments due to post character limits

Check out psweekly.dowst.dev for all past editions as well as a searchable archive.