Field notes & the long way round.
Mostly tutorials on Microsoft 365 identity, occasional trip reports, and the odd microblog. Posts are tagged so you can filter to the technical ones — or skip straight to the hills.
TIL: Get-MgContext shows the scopes you actually got
A two-line check that saves you from debugging a permissions error the hard way.
Read the postA round of the Loch Avon basin in low cloud
Eleven kilometres around one of the Cairngorms' great hollows, most of it inside a cloud. A navigation day more than a views day.
Microsoft kills basic auth, finally. Some thoughts.
A short reaction to a long-awaited removal — and the thing that comes next, which nobody is talking about yet.
A Conditional Access policy that even the help desk understands
A first-principles tour of a Conditional Access policy that's restrictive enough for compliance, lenient enough that the help desk isn't drowning, and self-documenting enough that the auditor can read it without a translator.
Find every app registration with an expiring secret
One Graph query, sorted by how soon it bites you.
mg-graph-helpers: paging and throttling, handled
A small PowerShell module that wraps the parts of Microsoft Graph I reach for weekly — so paging, throttling, and scope checks stop being copy-paste.
Writing PowerShell that survives Graph throttling
Microsoft Graph will throttle you. A 429 is not an error to log and move past — it is an instruction, and it tells you exactly how long to wait.