Posts

Showing posts with the label PowerShell

How To Use App Registration Deactivation

  If you’ve been following the steady stream of updates coming out of Entra, you may have noticed a particularly powerful addition to the Microsoft Graph API: the ability to deactivate app registrations. It’s a deceptively simple feature with major implications for anyone responsible for managing the ever‑growing list of applications inside their organization. In this post, I’ll break down why this matters, how it can help you regain control of your app landscape, and—most importantly—how to automate it. I spent a good chunk of time figuring this out so you don’t have to. So… what exactly is this new feature? In short: you can now cleanly deactivate an app registration without deleting it. Historically, if you needed to stop an app from being used in your tenant, your only real option was to delete the service principal. That worked fine for throwaway apps, but for anything with configuration, history, or future relevance, deletion was a non‑starter. You either lived with the r...

Add some BAESL to your M365 Sandbox!

  Hey there! Hope that this post finds you doing well this New Year. You may be asking yourself: "What's the news on the cyber range you're building?" I wanted to take a short break from that and introduce a side-quest I've been working on stemming from an issue I ran into when I first created my range: How do I create realistic users without having to add each one? You could start adding each one manually, and spend all day filling in each detail. Or, you can be like me and spend two months trying to automate the process! The goal here was to remove the typical constraints that bulk user creation can have and allow for realism in the sandbox, not just filler. I wanted a script that can fill out the details that the admin wants, and apply it against either Active Directory or Entra. Thus, BAESL was born! BAESL (Bulk AD Entra Sandbox Loader) is a PowerShell suite of tools that provides administrators and developers a way to inject realistic user objects into their ...

Introducing Shadowman - Service Principal Auditing Made Easy!

 Long time no see! The reason is that while I was away, I was working on a brand-new tool for administrators to audit their environment for shadow IT apps. This idea came after I wanted to be able to audit my own environment for shadow IT and didn't have a way to do it in a comprehensive manner. Thus, my PowerShell tool was born; I introduce to you, Shadowman!

 What is Shadowman?

 Shadowman, in a nutshell, is a tool designed to get you all the information that you need on the service principals in your Azure environment. Administrators have the option to conduct a basic audit that will capture all information and flags that are available through the application, as well as a targeted mode that will give administrators the ability to filter applications based on the following flags:

 Service Principal Properties

 Property      Description
 DisplayName   Name of the service principal
 AppId         Application ID
 ObjectId      Object ID in Azure AD
 ...