Tag: Remove-MgDirectoryDeletedItem

An article about the horrible devastation that an attacker can wreak inside a compromised Microsoft 365 tenant highlighted how protected actions can help by preventing attackers from being able to permanently remove user accounts unless they can pass additional authentication tests. Protected actions won’t stop attackers that have complete control over a tenant, but it might irritate them!

Microsoft has announced that it will be possible to recover a deleted service principal by the end of May. This is good news because it means that an accidental deletion can’t wreak the kind of havoc it can today. Microsoft hasn’t updated the APIs to manage soft-deleted service principals yet, but we can get an insight into what’s likely to happen by investigating how to manage deleted Entra ID accounts using cmdlets from the Microsoft Graph PowerShell SDK.