Parameter Splatting Demystified, Automated M365 Sign-in Reports with PowerShell + PowerShell Text Manipulation Basics
Hey everyone, we have another GREAT week of PowerShell content for you. Quick reminder that Q4 tends to be peak season for security breaches. Between folks being out for the holidays, year-end chaos, and attackers knowing we’re all a bit distracted, it’s the perfect storm. Plus, holiday-themed phishing campaigns are about to flood inboxes. Now’s a good time to tighten up those PowerShell security scripts and remind your users to think twice before clicking on that “Secret Santa invite” from a suspicious sender.
PowerShell Videos
PowerShell PARAMETER Splatting Demystified: Essential Tips for Beginners!
Travis Roberts has a great video on simplifying PowerShell parameters for beginners using a technique called splatting with hashtables. He explains that splatting allows you to pass a large number of parameters to a cmdlet or script as a single variable, which makes your code much cleaner and easier to read, especially when dealing with complex commands. The video demonstrates how to set up the parameter values in a hashtable and then use the @ symbol instead of the standard $, making your scripts more manageable.
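A short illustration of the hashtable-plus-@ pattern described above. This is an added example, not code from the video; the temp folder, file names and the $maxDepth setting are constructed for the demo.

```powershell
# Constructed sample data: a temp folder with a few files, so the example runs anywhere.
$root = Join-Path ([IO.Path]::GetTempPath()) "splat-demo-$(Get-Random)"
New-Item -ItemType Directory -Path (Join-Path $root 'sub') -Force | Out-Null
'app.log', 'sub/auth.log', 'notes.txt' | ForEach-Object {
    Set-Content -Path (Join-Path $root $_) -Value 'sample'
}

# Conventional call: every parameter on one long line.
Get-ChildItem -Path $root -Filter '*.log' -File -Recurse -ErrorAction Stop

# Splatted call: keys are parameter names, switch parameters take $true.
$listParams = @{
    Path        = $root
    Filter      = '*.log'
    File        = $true
    Recurse     = $true
    ErrorAction = 'Stop'
}
Get-ChildItem @listParams          # @listParams, not $listParams

# Parameters can be added only when they apply, without building a second command line.
$maxDepth = 0                      # hypothetical setting; $null would mean "no limit"
if ($null -ne $maxDepth) { $listParams['Depth'] = $maxDepth }

# Splatted and explicit parameters can be combined in one call.
Get-ChildItem @listParams -Name

# Clean up the constructed folder.
Remove-Item -Path $root -Recurse -Force
```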
PowerShell Text Manipulation Basics
Andrew Pla and Greg Martin (from PDQ) have a great video diving into the fundamentals of text manipulation in PowerShell. The video is a stream-style tutorial intended to help viewers learn how to clean up messy logs, parse configuration files, and generally master the tools necessary to handle string data effectively.
Installing Windows Server Roles and Features with PowerShell
Indigo Software has a great video tutorial demonstrating how to install Windows Server roles and features using PowerShell on Windows Server 2025. The video explains that PowerShell is a much faster and more scriptable alternative to using the Server Manager graphical interface for managing server functions. The tutorial covers the specific PowerShell cmdlets needed to list, add, and remove the necessary roles and features.
From Sysadmin to Security at Microsoft with Thomas Rayner. The PowerShell Podcast E194
Thomas Rayner joins The PowerShell Podcast for an interesting interview discussing his career journey from a sysadmin and PowerShell MVP to his current role as a security professional at Microsoft. He reflects on how crucial PowerShell was for accelerating his career, emphasizes the importance of consistent community involvement like blogging, and stresses the value of clear communication with managers for professional growth. Thomas also provides advice for those starting out, highlighting the need for patience, persistence, and seeking out mentorship in the tech industry.
PowerShell Community News
Richard Devine has an interesting article on his mixed experience learning PowerShell using AI as his primary companion. While the conversational nature of the AI helped him work through problems and understand concepts like creating functions, his early attempts to simply have the AI generate the code he wanted ultimately failed, proving that human expertise is still essential for quality and troubleshooting.
How to Convert a Synced User Source of Authority to Microsoft Entra
Daniel Bradley has an interesting article on converting a hybrid user’s source of authority from on-premises Active Directory to Microsoft Entra ID, a process he discovered through a Microsoft Graph PowerShell SDK update. He details how to use Microsoft Graph PowerShell to set the isCloudManaged property to $true, effectively stopping synchronization from on-premises and making the cloud the source of authority. This feature is great for organizations moving fully to the cloud, as it maintains critical user attributes and allows for a rollback if necessary.
https://ourcloudnetwork.com/how-to-convert-a-synced-user-source-of-authority-to-microsoft-entra/
Backdoor to Controlled Door: Taming Browser Extensions with Intune - MSEndpointMgr
Ben Whitmore has a great article on securing the enterprise against the often-overlooked threat of browser extensions by implementing a “deny-by-default, allow-by-exception” policy using Microsoft Intune. He first explains that extensions are powerful mini-apps that can act as backdoors, detailing how to use a PowerShell script to audit them based on their high-risk API and host permissions. The article then provides step-by-step guidance on creating Intune policies for Microsoft Edge and Google Chrome using the Settings Catalog, and for Mozilla Firefox using an imported ADMX template with JSON to block all unapproved extensions.
https://msendpointmgr.com/2025/10/04/taming-browser-extensions-with-intune/
Using -OutVariable in PowerShell
Harm Veenstra has a good article detailing the use of the little-used -OutVariable common parameter in PowerShell. He explains that this parameter allows you to save the full output from a command into a variable while simultaneously permitting the output to continue down the pipeline for further filtering with cmdlets like Where-Object. This technique is useful for debugging and comparing the original dataset with the final, filtered results.
https://powershellisfun.com/2025/10/03/using-outvariable-in-powershell/
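The capture-and-continue behaviour described above, as an added example that is not taken from the article. The records are constructed stand-ins for sign-in log entries, and the property names are assumptions.

```powershell
# Constructed sample records standing in for sign-in log entries (not real data).
$records = @(
    [pscustomobject]@{ User = 'alice@example.com'; Status = 'Success'; Mfa = $true }
    [pscustomobject]@{ User = 'bob@example.com';   Status = 'Failure'; Mfa = $false }
    [pscustomobject]@{ User = 'carol@example.com'; Status = 'Success'; Mfa = $false }
    [pscustomobject]@{ User = 'bob@example.com';   Status = 'Failure'; Mfa = $false }
)

# -OutVariable takes the variable NAME (no $). Each stage stores what it emitted
# while the same objects keep flowing to the next command in the pipeline.
$users = Write-Output $records -OutVariable allRecords |
    Where-Object { $_.Status -eq 'Success' -and -not $_.Mfa } -OutVariable noMfa |
    Select-Object -ExpandProperty User

# Compare the original dataset with the filtered result without re-running anything.
'{0} records in, {1} successful sign-ins without MFA: {2}' -f `
    $allRecords.Count, $noMfa.Count, ($users -join ', ')

# The captured variable is a System.Collections.ArrayList, even for a single
# result, so .Count and indexing behave the same for one item or many.
$noMfa.GetType().FullName

# Prefix the name with + to append to an existing capture instead of replacing it.
Write-Output $records[0] -OutVariable +allRecords | Out-Null
$allRecords.Count
```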
Set Up Automated Microsoft 365 User Sign-in Summary Email Using PowerShell
Blesslin Rinu has a great article on how to automate the delivery of a daily Microsoft 365 user sign-in summary report via email using a PowerShell script. The script generates both a detailed CSV file and an HTML report that highlights key security metrics like failed sign-ins, Conditional Access status, and successful non-MFA sign-ins. The post then provides step-by-step instructions on how to set up this script to run automatically using Windows Task Scheduler for both MFA and certificate-based authentication.
Creating a Monitoring Service with PowerShell
Jeff Hicks, in his Behind the PowerShell Pipeline, has a great article on creating a semi-permanent monitoring service using a PowerShell script and a scheduled task to ensure continuous event monitoring even after the session closes. The solution focuses on setting up a FileSystemWatcher to monitor file changes in a folder, using an action script block to filter out duplicate events, and logging the details to a CSV file to serve as a record for an incremental backup plan.
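A sketch of the watcher, duplicate filter and CSV log described above. It is an added example, not Jeff Hicks's script; the folder, the log path and the two-second duplicate window are assumptions, and the scheduled task that keeps it running is left out.

```powershell
# Constructed demo paths (assumptions): a temp folder to watch and a CSV log next to it.
$watchPath = Join-Path ([IO.Path]::GetTempPath()) "fsw-demo-$(Get-Random)"
$logPath   = "$watchPath.csv"
New-Item -ItemType Directory -Path $watchPath | Out-Null

$watcher = [System.IO.FileSystemWatcher]::new($watchPath)
$watcher.IncludeSubdirectories = $true
$watcher.NotifyFilter = [System.IO.NotifyFilters]'FileName, LastWrite'

# Shared state reaches the action through -MessageData, because the action
# script block runs in its own scope.
$state = @{ LogPath = $logPath; Seen = @{}; WindowSeconds = 2 }

$action = {
    $s    = $Event.MessageData
    $info = $Event.SourceEventArgs
    $key  = '{0}|{1}' -f $info.ChangeType, $info.FullPath
    $now  = $Event.TimeGenerated
    # A single save usually raises several Changed events; drop repeats of the
    # same change on the same path inside the window.
    if ($s.Seen.ContainsKey($key) -and
        ($now - $s.Seen[$key]).TotalSeconds -lt $s.WindowSeconds) { return }
    $s.Seen[$key] = $now
    [pscustomobject]@{
        Time   = $now.ToString('o')
        Change = $info.ChangeType
        Path   = $info.FullPath
    } | Export-Csv -Path $s.LogPath -Append -NoTypeInformation
}

$jobs = foreach ($name in 'Created', 'Changed', 'Deleted') {
    Register-ObjectEvent -InputObject $watcher -EventName $name -Action $action -MessageData $state
}
$watcher.EnableRaisingEvents = $true

# Constructed activity so the log has something in it.
$file = Join-Path $watchPath 'report.txt'
Set-Content -Path $file -Value 'v1'
Add-Content -Path $file -Value 'v2'
Start-Sleep -Seconds 3
Remove-Item -Path $file
Start-Sleep -Seconds 1
Import-Csv -Path $logPath | Format-Table -AutoSize

# Tear down: stop the watcher, drop the subscriptions, remove the demo files.
$watcher.EnableRaisingEvents = $false
$jobs | ForEach-Object { Unregister-Event -SourceIdentifier $_.Name; Remove-Job -Job $_ -Force }
$watcher.Dispose()
Remove-Item -Path $watchPath, $logPath -Recurse -Force
```

The subscriptions live only as long as the PowerShell session that registered them, which is why the article pairs the script with a scheduled task.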