Automating Azure Securely: Microsoft Graph, Identity & Cloud Automation with Ahmed Uzejnovic [MVP]

By Mirko Peters, in Podcasts


What does secure cloud automation actually mean in modern Microsoft environments? How can organizations automate user management, identity workflows, Microsoft 365 operations, and Azure infrastructure without creating massive security risks? And why is Microsoft Graph becoming one of the most important technologies every Microsoft administrator should understand?

In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP Ahmed Uzejnovic to explore secure Azure automation, Microsoft Graph API, identity-driven automation, hybrid cloud infrastructure, PowerShell scripting, and the future of enterprise automation inside Microsoft ecosystems.

Ahmed Uzejnovic is an IT automation and infrastructure specialist from Salzburg with a strong focus on PowerShell, Azure Automation, Microsoft Graph, identity security, hybrid environments, and enterprise-scale automation. Throughout the conversation, Ahmed shares practical real-world insights from building secure automation systems for onboarding, offboarding, identity synchronization, cloud governance, and operational management across hybrid Microsoft environments.

HOW A SIMPLE USER OFFBOARDING SCRIPT STARTED EVERYTHING

Ahmed’s automation journey started in local IT support where repetitive manual tasks quickly became impossible to ignore. One of the earliest examples he shares is user onboarding and offboarding. Administrators were spending multiple hours every day manually disabling accounts, updating systems, configuring permissions, handling Exchange tasks, and managing repetitive operational work. Instead of accepting repetitive manual work as “normal,” Ahmed started building small PowerShell scripts step-by-step to automate individual tasks. What began as tiny automation scripts eventually evolved into a fully automated user offboarding process that is still running successfully years later. This became the starting point for a much larger automation career focused on solving operational problems at scale. One of the strongest themes throughout the episode is Ahmed’s belief that automation is not really about scripts — it is about process thinking. Before automation can work effectively, organizations first need stable, repeatable, and clearly defined operational processes. Bad processes create bad automation. Good processes create scalable automation systems. 

WHY MICROSOFT GRAPH IS BECOMING ESSENTIAL FOR MODERN ADMINS

A major focus of the episode is Microsoft Graph API and why it is rapidly becoming one of the most important technologies inside Microsoft 365 and Azure administration. Ahmed explains that Microsoft Graph is essentially the backend operating layer behind Microsoft cloud services. Nearly every action performed inside Microsoft 365 admin portals, Azure portals, Intune, Entra ID, Teams, and Exchange eventually translates into API calls against Microsoft Graph. The discussion explores how Microsoft administrators can use Graph API to automate:

  • User management
  • Group management
  • Intune administration
  • Device management
  • Microsoft Teams operations
  • Azure identity workflows
  • Authentication management
  • Azure Automation processes
  • Enterprise onboarding and offboarding

Ahmed explains why learning Graph API gives administrators deeper visibility into Microsoft services compared to only using graphical portals. Instead of clicking through interfaces manually, administrators gain the ability to programmatically manage workloads, build scalable automation systems, deploy repeatable configurations, and integrate Microsoft services into broader enterprise processes. One particularly interesting section focuses on how Ahmed uses Microsoft Graph documentation to discover what is technically possible inside Microsoft ecosystems. Before starting any automation project, he first investigates whether Graph endpoints already exist for the workload he wants to automate.

THE BIGGEST SECURITY MISTAKE IN AUTOMATION

When the conversation shifts toward automation security, Ahmed becomes very direct about one of the most common and dangerous mistakes organizations still make today: hardcoded secrets and passwords. Ahmed explains that many organizations still store credentials directly inside scripts, configuration files, or automation systems without properly securing them. While this may have been common practice years ago, modern cloud security threats make this approach extremely dangerous. A compromised script containing hardcoded secrets can potentially expose entire Microsoft tenants, identity systems, or enterprise infrastructure. The episode explores why organizations should instead adopt modern security practices such as:

  • Azure Key Vault
  • Managed identities
  • Least privilege permissions
  • Role-based access control
  • Secure app registrations
  • Identity-based authentication
  • Federated credentials

Ahmed strongly emphasizes the importance of designing automation systems under the assumption that attackers may eventually gain access to scripts or infrastructure components. Because of that, automation systems should always minimize permissions and reduce blast radius wherever possible.

MANAGED IDENTITIES, APP REGISTRATIONS & ZERO TRUST

One of the most valuable parts of the conversation is Ahmed’s explanation of managed identities and secure authentication patterns in Azure automation environments. He explains how managed identities eliminate the need for storing passwords or secrets by allowing Azure services to authenticate securely using Microsoft-managed credentials. The discussion dives deep into app registrations, service principals, permissions, and Graph API authentication. Ahmed explains why many organizations incorrectly create single “super-powered” app registrations with excessive permissions that become extremely dangerous if compromised. Instead, he recommends splitting automation workloads into separate app registrations with tightly scoped permissions designed only for their specific purpose. Mirko and Ahmed also discuss several core security principles including:

  • Zero Trust security
  • Identity-first security models
  • Least privilege access
  • Conditional access
  • Permission management
  • Secure token handling
  • Consent management
  • Secure cloud governance

Ahmed strongly believes that identity has become the new security perimeter inside cloud environments. Rather than relying only on traditional network boundaries, organizations increasingly secure access through identity validation, conditional access policies, and tightly controlled authentication systems.
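As an added illustration (not code from the episode or from Ahmed's own systems), the following Azure Automation runbook sketch shows the offboarding case with the hardcoded-secret pattern beside a managed-identity sign-in, plus a guard that refuses to run if the identity holds more Graph permissions than the job needs. It assumes a managed identity on the Automation account, the Microsoft.Graph.Authentication, Microsoft.Graph.Users and Microsoft.Graph.Users.Actions modules, and an allow-list of permissions chosen here for illustration.

```powershell
# Added example: offboarding runbook authenticating with a managed identity.
param(
    [Parameter(Mandatory)]
    [string] $UserPrincipalName
)

$ErrorActionPreference = 'Stop'

# WEAK: client secret embedded in the script. Anyone who can read the
# runbook, its history or a backup can sign in as the app.
# $secret = ConvertTo-SecureString '<client-secret>' -AsPlainText -Force
# $cred   = [pscredential]::new('<app-id>', $secret)
# Connect-MgGraph -TenantId '<tenant-id>' -ClientSecretCredential $cred

# CORRECTED: no secret exists in the script; the platform issues the token
# to the Automation account's managed identity.
Connect-MgGraph -Identity -NoWelcome

# Least-privilege guard. $allowed is an assumption for this example: the only
# application permission this job is expected to hold. Any extra permission
# means the identity has grown into a "super-powered" principal.
$allowed = @('User.ReadWrite.All')
$granted = @((Get-MgContext).Scopes)
$excess  = @($granted | Where-Object { $_ -notin $allowed })
if ($excess.Count -gt 0) {
    throw "Identity is over-privileged for offboarding: $($excess -join ', ')"
}

# The offboarding step itself: disable the account, then invalidate
# refresh tokens so existing sessions cannot be renewed.
$user = Get-MgUser -UserId $UserPrincipalName -Property 'id,accountEnabled'
if ($user.AccountEnabled) {
    Update-MgUser -UserId $user.Id -AccountEnabled:$false
}
Revoke-MgUserSignInSession -UserId $user.Id | Out-Null

Write-Output "Disabled $UserPrincipalName and revoked sign-in sessions."
Disconnect-MgGraph | Out-Null
```

Running a separate identity per workload keeps the allow-list short; a runbook that manages devices or groups would carry its own identity and its own list.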

HYBRID CLOUD AUTOMATION IS STILL THE REALITY

Another important topic throughout the episode is the reality of hybrid infrastructure. While cloud adoption continues accelerating, Ahmed explains that most organizations still operate hybrid environments combining on-premises systems with Azure and Microsoft 365 services. Rather than completely replacing on-premises infrastructure overnight, many enterprises gradually extend workloads into Azure while continuing to maintain Active Directory, local databases, internal systems, and hybrid identity architectures. This creates new automation challenges where systems must securely exchange data across cloud and on-premises boundaries. Ahmed explains how Azure Automation hybrid workers, Azure Arc, Microsoft Graph, and secure identity models help organizations bridge these environments while maintaining operational consistency and security. 

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365–6704921/support.


