Update-MgServicePrincipal Archives - Office 365 for IT Pros

Leverage User and Group Assignments to Limit User Access to Apps

Posted on April 10, 2026April 10, 2026 by Tony Redmond

User and Group assignments can be added to Entra ID applications. Once assignments exist for an application, only assigned users can access that application. This method is a good way to secure access to applications that have consent to use high-profile permissions like Sites.FullControl.All or Mail.Read. Microsoft 365 tenants should consider how to use assignments to control user access to applications.

How to Block User Access to Microsoft 365 PowerShell Modules

Posted on October 12, 2023August 24, 2024 by Tony Redmond

The question of how best to block PowerShell access for Microsoft 365 user accounts deserved some consideration. The answer lies in service principals for the enterprise accounts created by Microsoft to allow PowerShell modules to authenticate with Entra ID. By restricting access to an assigned security group, you effectively block access to anyone outside that group.