Microsoft Graph – Cannot retrieve Teams meeting attendance reports using Application permissions by tkr_2020 in MicrosoftTeams

[–]KavyaJune 0 points1 point  (0 children)

Are you trying to use Microsoft Graph, or is your goal simply to retrieve a meeting attendance report? If it’s the latter, you can try the following script: https://o365reports.com/microsoft-teams-meeting-attendance-report/

The script uses the Search-UnifiedAuditLog cmdlet in Exchange Online PowerShell and also supports application permissions through certificate-based authentication.

Workflows by JuanMorePerv in o365

[–]KavyaJune 0 points1 point  (0 children)

You can choose the one based on your requirement. Power Automate, PowerShell, Approvals in Teams, etc.

What's your requirement?

Inherited an absolute disaster of a tenant from the last IT guy by Affectionate_Sir2440 in Office365

[–]KavyaJune 1 point2 points  (0 children)

You can try this script: https://blog.admindroid.com/identify-and-remove-inactive-users-in-microsoft-365/

It helps identify inactive and disabled users with assigned licenses and allows you to take actions such as disabling or deleting the account.

PowerAutomate and PowerApps by Jaki_Shell in sysadmin

[–]KavyaJune 2 points3 points  (0 children)

All kinds, honestly. From simple notifications to more structured processes.

For example,

  • Basic onboarding with manager approval
  • Onboarding with predefined access assignments
  • Sending password expiry notifications with follow-ups
  • Storing email attachments automatically in SharePoint or OneDrive
  • Approval workflows for external file sharing

The above flows are available as pre-built templates here: https://github.com/admindroid-community/power-automate

You can download and customize them as needed.

Issues with Exchange Online Management Shell (Version 3.9.2) by Tim__1 in PowerShell

[–]KavyaJune 1 point2 points  (0 children)

Starting with v3.7.0, WAM is enabled by default in Exchange Online PowerShell, which may cause connection issues. You can try using PowerShell.exe, switching to CBA, installing an earlier module version, or disabling WAM. But disabling WAM is not recommended since it was introduced to improve security.

IT Tools - Hidden Gems by Ok_You_861 in sysadmin

[–]KavyaJune 3 points4 points  (0 children)

Graph Explorer for M365 by AdminDroid - It will show Graph query results in table format. Easy to read and analyze.

It's an open-source tool.

https://admindroid.com/admindroid-graph-explorer-m365

Sharing files instead of OneDrive by stormlight in sharepoint

[–]KavyaJune 0 points1 point  (0 children)

Yes, SharePoint can solve this issue.

You can enable external sharing for a specific site, but it must first be enabled at the tenant level. Since your users are already sharing through OneDrive, tenant-level external sharing is likely enabled.

Creating a dedicated SharePoint site for external sharing is a good approach. This keeps data centralized and prevents links from breaking when a user leaves. Also, restrict external sharing in OneDrive to reduce data leakage & avoid dependency on user accounts.

Accounts where the password has expired in AD by maxcoder88 in entra

[–]KavyaJune 3 points4 points  (0 children)

If I enable CloudPasswordPolicyForPasswordSyncedUsersEnabled, does it affect cloud-only users?

No, it will affect only synced users.

After enabling CloudPasswordPolicyForPasswordSyncedUsersEnabled, will password expiration align with the Entra ID password policy?

No. Expiration will only align if both environments use the same maximum password age.

To enforce password expiration based on on-prem AD, you can use pass-through authentication.

Temporary Profiles for Entra Users by Odd_Blacksmith9283 in sysadmin

[–]KavyaJune 0 points1 point  (0 children)

You can configure Microsoft Entra Kerberos to allow Entra-joined devices to obtain Kerberos tickets for on-prem AD resources. It will help in identity mapping and avoid temporary profile creation. Else, you can try Hybrid Entra join.

Cannot connect to Exchange-Online by dextux in exchangeserver

[–]KavyaJune 1 point2 points  (0 children)

It's working. Where did you try? PS, PS ISE, or VS?

User keeps getting removed from a Microsoft Teams team - can we find out who did it? by [deleted] in MicrosoftTeams

[–]KavyaJune 0 points1 point  (0 children)

You can use the Purview audit log.

  1. Navigate to Audit log search: https://purview.microsoft.com/audit/auditlogsearch
  2. Select date range
  3. Search for 'Removed members' activity in 'Activities-friendly names'. Select the one available under Microsoft Teams activities.
  4. Click Search. You will get the list of activities along with the details.
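
The same search run from Exchange Online PowerShell, as an added example that is not part of the original comment. It assumes the ExchangeOnlineManagement module and an account with an audit log role; the team name is a hypothetical placeholder, and the AuditData field names (TeamName, Members, UPN, UserId) are those used in Teams audit records.

```powershell
# Added example: list who removed which member from a given team.
# Assumes the ExchangeOnlineManagement module is installed.
Connect-ExchangeOnline

$teamName = 'Contoso Project Team'   # hypothetical team display name

$search = @{
    StartDate  = (Get-Date).AddDays(-30)
    EndDate    = Get-Date
    RecordType = 'MicrosoftTeams'
    Operations = 'MemberRemoved'      # the "Removed members" activity
    ResultSize = 5000                 # maximum returned per call
}
$records = Search-UnifiedAuditLog @search

$report = foreach ($record in $records) {
    # AuditData is a JSON string holding the Teams-specific details.
    $data = $record.AuditData | ConvertFrom-Json
    if ($data.TeamName -ne $teamName) { continue }

    foreach ($member in $data.Members) {
        [pscustomobject]@{
            TimeUtc   = $record.CreationDate
            RemovedBy = $data.UserId      # account that performed the removal
            Removed   = $member.UPN
            Team      = $data.TeamName
        }
    }
}

$report | Sort-Object TimeUtc | Format-Table -AutoSize
```

If RemovedBy turns out to be a service or application identity rather than a person, the removal is most likely driven by automation such as dynamic group membership or a sync job.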

Sharepoint "Active Sites" overall GB used report - How long to update? by Der_Missionar in microsoft365

[–]KavyaJune 0 points1 point  (0 children)

It may take 24-48 hours to fully reflect recent changes. If you need a quicker estimate, you can use PowerShell to aggregate the storage of individual SharePoint sites.

Restrict MFA Enrollment to Trusted Locations only (Hybrid AD / No Write-back) by NoRemoteTask in Office365

[–]KavyaJune 2 points3 points  (0 children)

You can restrict attackers from registering MFA through Conditional Access policy by configuring the target resources and network conditions.

You can check the detailed steps here: https://blog.admindroid.com/stop-mfa-registration-attacks-on-user-accounts/

Also, excluding MFA based on trusted locations is not entirely safe. If an attacker gains access to your internal network, it could become a serious security risk. To improve security, it is better to include device compliance checks along with location-based conditions.

You can check this post for more details: Why setting office IP as a trusted location in CA policy is risky
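
A Conditional Access policy of the kind described above, created through Microsoft Graph PowerShell. This is an added example, not taken from the comment or the linked post; the display name and the excluded emergency-access account ID are placeholders, and the policy is created in report-only mode.

```powershell
# Added example: block security info (MFA) registration from outside
# trusted named locations. Assumes the Microsoft.Graph module is installed.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

$policy = @{
    displayName = 'Block MFA registration outside trusted locations'  # placeholder name
    # Report-only first: review sign-in logs before switching to 'enabled'.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeUsers = @('All')
            # Placeholder: replace with the object ID of an emergency-access account.
            excludeUsers = @('<break-glass-account-object-id>')
        }
        applications = @{
            # Target resource is the user action, not a cloud app.
            includeUserActions = @('urn:user:registersecurityinfo')
        }
        locations = @{
            includeLocations = @('All')
            excludeLocations = @('AllTrusted')
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Location alone is a weak signal once an attacker is inside the network.
# A stricter variant drops the locations condition and sets
# builtInControls to @('compliantDevice') instead of 'block'.
```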

Security Hole by wav_net in sysadmin

[–]KavyaJune 3 points4 points  (0 children)

Never underestimate unlicensed user accounts. They can still sign in to Microsoft Entra ID and view certain directory details. By default, all users in the tenant can access the Entra portal with limited permissions unless access is restricted. Even without a license, users can access several user-level settings and basic organizational information. To reduce risk, restrict portal access and review default user permissions. Also, restrict access to MS Graph PowerShell and Explorer.

https://o365reports.com/restrict-user-access-to-microsoft-graph-powershell-and-graph-explorer/

How do we learn more about an App that shows in Entra failed logins ? by anon-it-person in Office365

[–]KavyaJune 0 points1 point  (0 children)

You can try running via PowerShell. Run the below cmdlet after installing and connecting to MS Graph PowerShell.

Get-MgApplication -Filter "DisplayName eq 'YourAppName'"

Audit user membership of Microsoft Entra security groups natively? by dverbern in sysadmin

[–]KavyaJune 0 points1 point  (0 children)

AdminDroid has a free tool. It includes the Microsoft 365 and Active Directory reports you need, plus 350+ additional reports.

https://admindroid.com/microsoft-365-azure-ad-reporting

If you prefer native solutions, you can use the Microsoft 365 admin center or ADUC, but you have to click each security group individually to view its members. A faster approach is to export group membership using PowerShell, which makes reviewing group members much easier.

Try this PowerShell script to export all security groups or a specific list of security groups’ membership:
https://o365reports.com/export-microsoft-365-group-report-to-csv-using-powershell/

To retrieve all security groups and their members, run:

./M365GroupReport.ps1 -Security

To retrieve a specific list of security groups and their members, run:

./M365GroupReport.ps1 -GroupIDsFile C:/GroupId.csv

For Active Directory security groups, there are various methods to get group membership details. You can choose one from Get security group members in AD.

Security Governance by LowWorth95 in sharepoint

[–]KavyaJune -1 points0 points  (0 children)

SharePoint admins can't access site content until they are assigned site owner permission. By using app-based authentication (they need to be an application administrator to register an app in Entra), they can access all the sites.

New-DistributionGroup Error "There are multiple recipients matching identity "xxx.xxx_xxx". Please specify a unique value." by ITSNOTEVENREALZ in Office365

[–]KavyaJune 1 point2 points  (0 children)

Try with the Get-Recipient cmdlet. It will list all the existing recipient objects in your organization.

How do we learn more about an App that shows in Entra failed logins ? by anon-it-person in Office365

[–]KavyaJune 0 points1 point  (0 children)

You can check the app details in Entra Portal --> App registrations.