Selling PowerShell to Security with Michael Suhl

Michael Suhl joined Mike Kanakos and Phil Bosman on the Research Triangle PowerShell User Group to tackle one of the most frustrating conversations any of us have when starting a new job, which is being told that PowerShell is too dangerous to enable. Mike walks through how to actually have the risk conversation with your GRC team, breaks down where PowerShell shows up in the MITRE ATT&CK framework, and lays out a stack ranked list of mitigations from low effort wins like audit logging and EDR all the way up to the heavy lifts like script signing, WDAC, JEA, and host based firewalls. The real gold is a slide mapping all of those controls to effort and benefit, and a teaser for a module he is calling PSART that codifies the Australian Signals Directorate guidance into deployable PowerShell.

Introducing Commercial Vantage Policy Manager for Intune

For those of you managing Lenovo devices, this post from Philip Jorgensen is a must read. He has built a new PowerShell UI tool that lets you create OMA-URI policies for Lenovo Commercial Vantage settings without having to ingest the ADMX templates the traditional way. Big quality of life improvement if you have been wrestling with this in your tenant.

https://blog.lenovocdrt.com/introducing-commercial-vantage-policy-manager-for-intune

Protecting Profiles

Jeff Hicks dropped a new Behind the PowerShell Pipeline post this week walking through how to protect your PowerShell profile scripts from tampering. He uses Get-FileHash and MyInvocation to build a function that verifies the profile has not been modified since you last approved it, which is a clever defensive technique most people overlook. If your profile is loading modules, setting aliases, or doing anything privileged, this is worth a read.

https://buttondown.com/behind-the-powershell-pipeline/archive/protecting-profiles/

Locking Down Windows Devices by Suppressing Key Combinations

Peter van der Woude has a practical post on using the built in Windows Keyboard Filter feature to suppress specific key combinations on shared, kiosk, or locked down devices. The post walks through enabling the feature with a single PowerShell command, configuring blocked combinations through some old school WMI work against the WEKF_PredefinedKey class, and deploying everything via Intune Win32 apps. Useful reference if you are managing any kind of restricted device fleet.

https://petervanderwoude.nl/post/locking-down-windows-devices-by-suppressing-key-combinations/

Shift Happens: Two Command Injections in Windows Context Menus

Remi Gascou over at SpecterOps published a fascinating piece of research uncovering two command injection vulnerabilities in the built in Windows Explorer “Open PowerShell window here” context menu, triggered by crafted folder names. One variant affects modern Windows 11 builds and the other has existed since Windows 10 1703 back in April 2017, meaning this has been sitting quietly in Windows for nearly nine years. The most interesting section is at the end where Remi shows that LLMs trained on this period of Windows documentation now confidently reproduce the vulnerable command template when asked to set up a custom context menu, with no security warnings whatsoever.

https://specterops.io/blog/2026/05/07/shift-happens-uncovering-two-built-in-command-injections-in-windows-context-menus/

Using the Microsoft Graph PowerShell SDK to Update User Profiles

Tony Redmond walks through how to use the Microsoft Graph PowerShell SDK to add awards and certifications to Microsoft 365 user profile cards, a UX update Microsoft is now rolling out to tenants. The post covers New-MgBetaUserProfileAward and New-MgBetaUserProfileCertification, how to manage the various properties, and how the resulting data surfaces in OWA, the new Outlook, and Teams. Tony also gives some good context on Microsoft’s broader people platform initiative and the surprisingly rich set of resources you can now attach to a user profile, from anniversaries to languages to publications.

https://office365itpros.com/2026/05/08/user-profile-card-awards/

Microsoft DSC v3: Build and Deploy Classic Resources with ActiveDirectoryDsc

Michal Machniak has a phenomenal deep dive on using DSC v3 to deploy a full Active Directory environment from scratch using nothing but declarative YAML files. He walks through a two stage approach where the first stage uses ActiveDirectoryDsc/ADDomain to spin up the forest and promote the first DC, then the second stage uses Microsoft.DSC/Include to compose six smaller configurations covering the OU hierarchy, admin users, delegation groups, group membership, OU permission entries, and fine grained password policies. The post is loaded with working YAML examples, parameter file patterns for keeping secrets out of source control, and the actual dsc config commands to validate and apply each stage.

https://mmachniak.net/2026/05/06/dscv3-build-and-deploy-classic-resources-activedirectory-dsc/

From ISE Anxiety to VS Code Every Day with Paula Kingsley

Andrew Pla sits down with Paula Kingsley, an eight time Microsoft MVP for Exchange Server and self described happy generalist, for a wide ranging conversation about her tech career and the long delayed jump from ISE to VS Code. Paula admits she put off the switch for as long as possible, and her advice for anyone in the same boat is refreshingly simple: just open VS Code and leave it open. The episode also covers why being a generalist is undervalued, the importance of building yourself an escape route with WhatIf and ShouldProcess, and the very real difference between Get cmdlets and Set cmdlets when your afternoon is on the line.

PowerShell Universal Forum Moves to Devolutions

Adam Driscoll announced this week that the Ironman Software forum is closing and migrating to the Devolutions forum starting Monday, May 11. All existing PowerShell Universal discussions and threads will be moved over and any new posts will need to be made directly on the Devolutions side, which means creating a free Devolutions account if you do not already have one. The migrated posts will appear anonymously at first but you can claim your content once your account is set up. Worth knowing about if you have ever posted there.

https://forums.ironmansoftware.com/t/heads-up-were-moving-to-the-devolutions-forum/13316

Announcing Native PowerShell Tooling for ReFS Snapshots

Jeffrey Woolsey announced ReFSSnapshots, a new open source PowerShell module from Microsoft that wraps the existing refsutil streamsnapshot command line utility in proper cmdlets with pipeline support and consistent error handling. ReFS has long supported stream level snapshots for point in time capture of individual files or streams rather than full volumes, but until now you had to drive it through the command line tool. If you are already using ReFS for resilient storage on Windows Server or client, this makes integrating snapshots into your existing PowerShell workflows significantly easier, and the GitHub repo includes good examples for pre change snapshots, comparison workflows, and scheduled maintenance.

https://techcommunity.microsoft.com/blog/filecab/announcing-native-powershell-tooling-for-refs-snapshots/4516377

How to Install the New Microsoft Entra ID Module

Patrick Gruenauer has a quick reference for installing the new Microsoft.Entra PowerShell module for managing Microsoft 365 from PowerShell. The whole setup is essentially Install-Module, Connect-Entra, and you are off to the races. Handy bookmark if you are still migrating scripts away from the older AzureAD or MSOnline modules and want a clean starting point.

https://sid-500.com/2026/05/06/powershell-how-to-install-the-new-microsoft-entra-id-module/

ExcelFast v0.0.1-alpha14 Released

Justin Grote pushed a new alpha release of ExcelFast, his high performance PowerShell module for importing, exporting, and manipulating Excel files. If you are still doing Excel work with ImportExcel or wrestling with COM automation, this is worth tracking as an alternative built for speed.

https://github.com/JustinGrote/ExcelFast/releases/tag/v0.0.1-alpha14

Upcoming Events

PowerShell UserGroup InnSalzach: Your Graph Apps Are Over-Privileged, Let’s Fix That with PowerShell

The PowerShell UserGroup Inn-Salzach is hosting Morten Mynster on May 14 from 8PM to 9PM CET for an online session on auditing and right sizing Microsoft Graph application permissions with PowerShell.

https://www.meetup.com/de-de/powershell-usergroup-inn-salzach/events/314638631/

PSConfEU 2026 June 1-4, 2026 in Wiesbaden, Germany

https://psconf.eu/